Sign-up

ID

VAR-201807-0323


CVE

CVE-2018-0041


TITLE

Juniper Networks Contrail Service Orchestration Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-007807

DESCRIPTION

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone. A security vulnerability exists in Juniper CSO versions prior to 3.3.0

Trust: 1.71

sources: NVD: CVE-2018-0041 // JVNDB: JVNDB-2018-007807 // VULHUB: VHN-118243

AFFECTED PRODUCTS

vendor:junipermodel:contrail service orchestrationscope:ltversion:3.3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-007807 // NVD: CVE-2018-0041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0041
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2018-0041
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0041
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1077
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118243
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0041
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118243
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0041
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118243 // JVNDB: JVNDB-2018-007807 // CNNVD: CNNVD-201807-1077 // NVD: CVE-2018-0041 // NVD: CVE-2018-0041

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-118243 // JVNDB: JVNDB-2018-007807 // NVD: CVE-2018-0041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1077

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1077

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007807

PATCH
title:JSA10872url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10872&actp=METADATA
Trust: 0.8
title:Juniper Contrail Service Orchestration Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82093
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-007807 // 
            
            
            
            CNNVD: CNNVD-201807-1077

EXTERNAL IDS
db:NVDid:CVE-2018-0041
Trust: 2.5
db:JUNIPERid:JSA10872
Trust: 1.7
db:JVNDBid:JVNDB-2018-007807
Trust: 0.8
db:CNNVDid:CNNVD-201807-1077
Trust: 0.7
db:VULHUBid:VHN-118243
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118243 // 
            
            
            
            JVNDB: JVNDB-2018-007807 // 
            
            
            
            CNNVD: CNNVD-201807-1077 // 
            
            
            
            NVD: CVE-2018-0041

REFERENCES
url:https://kb.juniper.net/jsa10872
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0041
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0041
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118243 // 
            
            
            
            JVNDB: JVNDB-2018-007807 // 
            
            
            
            CNNVD: CNNVD-201807-1077 // 
            
            
            
            NVD: CVE-2018-0041

SOURCES
db:VULHUBid:VHN-118243
db:JVNDBid:JVNDB-2018-007807
db:CNNVDid:CNNVD-201807-1077
db:NVDid:CVE-2018-0041

LAST UPDATE DATE
2024-11-23T22:41:48.415000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118243date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-007807date:2018-09-27T00:00:00
db:CNNVDid:CNNVD-201807-1077date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0041date:2024-11-21T03:37:24.793

SOURCES RELEASE DATE
db:VULHUBid:VHN-118243date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-007807date:2018-09-27T00:00:00
db:CNNVDid:CNNVD-201807-1077date:2018-07-12T00:00:00
db:NVDid:CVE-2018-0041date:2018-07-11T18:29:00.950