CVE-2017-10616
MEDIUMJuniper Contrail 2.2-2.21.3, 3.0-3.0.3.3, 3.1-3.1.3.9, 3.2-3.2.4.9 Hard-coded Credentials in ifmap
Title source: llmDescription
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/orangecertcc/security-research/security/advisories/GHSA-qx9c-49m4-f3vj
Vendor Advisory
https://kb.juniper.net/JSA10819
Scores
CVSS v3
5.3
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-798
Status
published
Products (8)
juniper/contrail
2.2
juniper/contrail
3.0
juniper/contrail
3.1
juniper/contrail
3.2
Juniper Networks/Contrail
2.2 - 2.21.4
Juniper Networks/Contrail
3.0 - 3.0.3.4
Juniper Networks/Contrail
3.1 - 3.1.4.0
Juniper Networks/Contrail
3.2 - 3.2.5.0
Published
Oct 13, 2017
Tracked Since
Feb 18, 2026