CVE-2018-0040

CRITICAL

Juniper Networks Contrail Service Orchestrator <4.0.0 - Info Disclo...

Title source: llm
STIX 2.1

Description

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10872

Scores

CVSS v3 9.8
EPSS 0.0016
EPSS Percentile 36.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-321 CWE-798
Status published
Products (1)
juniper/contrail_service_orchestration < 4.0.0
Published Jul 11, 2018
Tracked Since Feb 18, 2026