ID

VAR-201807-0320


CVE

CVE-2018-0038


TITLE

Juniper Networks Contrail Service Orchestration Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-007805

DESCRIPTION

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have the Cassandra service enabled by default with hard-coded credentials. These credentials allow network-based attackers unauthorized access to information stored in Cassandra. Juniper Contrail Service Orchestration (CSO) is a Juniper Networks product suite for designing and deploying network services in the cloud CPE centralized deployment model. A security vulnerability exists in Juniper CSO versions prior to 3.3.0.

Trust: 1.71

sources: NVD: CVE-2018-0038 // JVNDB: JVNDB-2018-007805 // VULHUB: VHN-118240

AFFECTED PRODUCTS

vendor: juniper, model: contrail service orchestration, scope: lt, version: 3.3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-007805 // NVD: CVE-2018-0038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0038
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0038
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1080
value: HIGH

Trust: 0.6

VULHUB: VHN-118240
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0038
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118240
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0038
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118240 // JVNDB: JVNDB-2018-007805 // CNNVD: CNNVD-201807-1080 // NVD: CVE-2018-0038

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.9

sources: VULHUB: VHN-118240 // JVNDB: JVNDB-2018-007805 // NVD: CVE-2018-0038

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1080

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1080

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007805

PATCH

title: JSA10872
url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10872&actp=METADATA

Trust: 0.8

title: Juniper Contrail Service Orchestration Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82096

Trust: 0.6

sources: JVNDB: JVNDB-2018-007805 // CNNVD: CNNVD-201807-1080

EXTERNAL IDS

db: NVD, id: CVE-2018-0038

Trust: 2.5

db: JUNIPER, id: JSA10872

Trust: 1.7

db: JVNDB, id: JVNDB-2018-007805

Trust: 0.8

db: CNNVD, id: CNNVD-201807-1080

Trust: 0.7

db: VULHUB, id: VHN-118240

Trust: 0.1

sources: VULHUB: VHN-118240 // JVNDB: JVNDB-2018-007805 // CNNVD: CNNVD-201807-1080 // NVD: CVE-2018-0038

REFERENCES

url: https://kb.juniper.net/jsa10872

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0038

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0038

Trust: 0.8

sources: VULHUB: VHN-118240 // JVNDB: JVNDB-2018-007805 // CNNVD: CNNVD-201807-1080 // NVD: CVE-2018-0038

SOURCES

db: VULHUB, id: VHN-118240
db: JVNDB, id: JVNDB-2018-007805
db: CNNVD, id: CNNVD-201807-1080
db: NVD, id: CVE-2018-0038

LAST UPDATE DATE

2024-11-23T22:41:48.313000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118240, date: 2018-09-06T00:00:00
db: JVNDB, id: JVNDB-2018-007805, date: 2018-09-27T00:00:00
db: CNNVD, id: CNNVD-201807-1080, date: 2018-07-12T00:00:00
db: NVD, id: CVE-2018-0038, date: 2024-11-21T03:37:24.477

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118240, date: 2018-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-007805, date: 2018-09-27T00:00:00
db: CNNVD, id: CNNVD-201807-1080, date: 2018-07-12T00:00:00
db: NVD, id: CVE-2018-0038, date: 2018-07-11T18:29:00.793