ID

VAR-201807-0322


CVE

CVE-2018-0040


TITLE

Juniper Networks Contrail Service Orchestration Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-007808

DESCRIPTION

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network-based attackers to gain unauthorized access to services. Juniper Contrail Service Orchestration (CSO) is a set of products from Juniper Networks for designing and deploying network services in the cloud CPE centralized deployment model. A security vulnerability exists in Juniper CSO prior to 4.0.0 due to the use of hard-coded certificates and keys. An attacker could exploit this vulnerability to gain unauthorized access

Trust: 1.8

sources: NVD: CVE-2018-0040 // JVNDB: JVNDB-2018-007808 // VULHUB: VHN-118242 // VULMON: CVE-2018-0040

AFFECTED PRODUCTS

vendor: juniper, model: contrail service orchestration, scope: lt, version: 4.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-007808 // NVD: CVE-2018-0040

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0040
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2018-0040
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0040
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1078
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118242
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0040
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0040
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118242
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0040
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118242 // VULMON: CVE-2018-0040 // JVNDB: JVNDB-2018-007808 // CNNVD: CNNVD-201807-1078 // NVD: CVE-2018-0040 // NVD: CVE-2018-0040

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.9

problemtype: CWE-321

Trust: 1.0

sources: VULHUB: VHN-118242 // JVNDB: JVNDB-2018-007808 // NVD: CVE-2018-0040

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1078

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007808

PATCH

title: JSA10872, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10872&actp=METADATA

Trust: 0.8

title: Juniper Contrail Service Orchestration Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82094

Trust: 0.6

sources: JVNDB: JVNDB-2018-007808 // CNNVD: CNNVD-201807-1078

EXTERNAL IDS

db: NVD, id: CVE-2018-0040

Trust: 2.6

db: JUNIPER, id: JSA10872

Trust: 1.8

db: JVNDB, id: JVNDB-2018-007808

Trust: 0.8

db: CNNVD, id: CNNVD-201807-1078

Trust: 0.7

db: VULHUB, id: VHN-118242

Trust: 0.1

db: VULMON, id: CVE-2018-0040

Trust: 0.1

sources: VULHUB: VHN-118242 // VULMON: CVE-2018-0040 // JVNDB: JVNDB-2018-007808 // CNNVD: CNNVD-201807-1078 // NVD: CVE-2018-0040

REFERENCES

url: https://kb.juniper.net/jsa10872

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0040

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0040

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-118242 // VULMON: CVE-2018-0040 // JVNDB: JVNDB-2018-007808 // CNNVD: CNNVD-201807-1078 // NVD: CVE-2018-0040

SOURCES

db: VULHUB, id: VHN-118242
db: VULMON, id: CVE-2018-0040
db: JVNDB, id: JVNDB-2018-007808
db: CNNVD, id: CNNVD-201807-1078
db: NVD, id: CVE-2018-0040

LAST UPDATE DATE

2024-11-23T22:41:48.338000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118242, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0040, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-007808, date: 2018-09-27T00:00:00
db: CNNVD, id: CNNVD-201807-1078, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0040, date: 2024-11-21T03:37:24.690

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118242, date: 2018-07-11T00:00:00
db: VULMON, id: CVE-2018-0040, date: 2018-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-007808, date: 2018-09-27T00:00:00
db: CNNVD, id: CNNVD-201807-1078, date: 2018-07-12T00:00:00
db: NVD, id: CVE-2018-0040, date: 2018-07-11T18:29:00.917