CVE-2018-0041

CRITICAL

Juniper Contrail Service Orchestration < 3.3.0 - Use of Hard-coded Credentials

Title source: llm
STIX 2.1

Description

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10872

Scores

CVSS v3 9.8
EPSS 0.0046
EPSS Percentile 64.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
juniper/contrail_service_orchestration < 3.3.0
Published Jul 11, 2018
Tracked Since Feb 18, 2026