CVE-2018-0039
MEDIUMJuniper Contrail Service Orchestration < 4.0.0 - Unauthenticated Hardcoded Credentials in Grafana Service
Title source: llmDescription
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10872
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-561
CWE-798
Status
published
Products (1)
juniper/contrail_service_orchestration
< 4.0.0
Published
Jul 11, 2018
Tracked Since
Feb 18, 2026