CVE-2018-0038

CRITICAL

Juniper Contrail Service Orchestration < 3.3.0 - Unauthenticated Use of Hard-coded Credentials in Cassandra Service

Title source: llm
STIX 2.1

Description

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10872

Scores

CVSS v3 9.8
EPSS 0.0046
EPSS Percentile 64.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
juniper/contrail_service_orchestration < 3.3.0
Published Jul 11, 2018
Tracked Since Feb 18, 2026