ID

VAR-201807-0321


CVE

CVE-2018-0039


TITLE

Juniper Networks Contrail Service Orchestration Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-007806

DESCRIPTION

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have the Grafana service enabled by default with hardcoded credentials. These credentials allow network-based attackers to gain unauthorized access to information stored in Grafana or to exploit other weaknesses or vulnerabilities in Grafana. There is a security vulnerability in Juniper CSO versions prior to 4.0.0.

Trust: 1.71

sources: NVD: CVE-2018-0039 // JVNDB: JVNDB-2018-007806 // VULHUB: VHN-118241

AFFECTED PRODUCTS

vendor: juniper, model: contrail service orchestration, scope: lt, version: 4.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-007806 // NVD: CVE-2018-0039

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0039
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2018-0039
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0039
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1079
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118241
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0039
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118241
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0039
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2018-0039
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-118241 // JVNDB: JVNDB-2018-007806 // CNNVD: CNNVD-201807-1079 // NVD: CVE-2018-0039 // NVD: CVE-2018-0039

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.9

problemtype: CWE-561

Trust: 1.0

sources: VULHUB: VHN-118241 // JVNDB: JVNDB-2018-007806 // NVD: CVE-2018-0039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1079

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1079

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007806

PATCH

title: JSA10872, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10872&actp=METADATA

Trust: 0.8

title: Juniper Contrail Service Orchestration Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82095

Trust: 0.6

sources: JVNDB: JVNDB-2018-007806 // CNNVD: CNNVD-201807-1079

EXTERNAL IDS

db: NVD, id: CVE-2018-0039

Trust: 2.5

db: JUNIPER, id: JSA10872

Trust: 1.7

db: JVNDB, id: JVNDB-2018-007806

Trust: 0.8

db: CNNVD, id: CNNVD-201807-1079

Trust: 0.7

db: VULHUB, id: VHN-118241

Trust: 0.1

sources: VULHUB: VHN-118241 // JVNDB: JVNDB-2018-007806 // CNNVD: CNNVD-201807-1079 // NVD: CVE-2018-0039

REFERENCES

url: https://kb.juniper.net/jsa10872

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0039

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0039

Trust: 0.8

sources: VULHUB: VHN-118241 // JVNDB: JVNDB-2018-007806 // CNNVD: CNNVD-201807-1079 // NVD: CVE-2018-0039

SOURCES

db: VULHUB, id: VHN-118241
db: JVNDB, id: JVNDB-2018-007806
db: CNNVD, id: CNNVD-201807-1079
db: NVD, id: CVE-2018-0039

LAST UPDATE DATE

2024-11-23T22:41:48.365000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118241, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-007806, date: 2018-09-27T00:00:00
db: CNNVD, id: CNNVD-201807-1079, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0039, date: 2024-11-21T03:37:24.573

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118241, date: 2018-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-007806, date: 2018-09-27T00:00:00
db: CNNVD, id: CNNVD-201807-1079, date: 2018-07-12T00:00:00
db: NVD, id: CVE-2018-0039, date: 2018-07-11T18:29:00.823