Sign-up

ID

VAR-201807-0324


CVE

CVE-2018-0042


TITLE

Juniper Networks CSO Vulnerabilities in certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-007809

DESCRIPTION

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. Juniper Contrail Service Orchestration (CSO) is a set of products of Juniper Networks (Juniper Networks) for designing and deploying network services in the cloud CPE centralized deployment model. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.71

sources: NVD: CVE-2018-0042 // JVNDB: JVNDB-2018-007809 // VULHUB: VHN-118244

AFFECTED PRODUCTS

vendor:junipermodel:contrail service orchestrationscope:ltversion:4.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-007809 // NVD: CVE-2018-0042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0042
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0042
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1076
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118244
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0042
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118244
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0042
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118244 // JVNDB: JVNDB-2018-007809 // CNNVD: CNNVD-201807-1076 // NVD: CVE-2018-0042

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-118244 // JVNDB: JVNDB-2018-007809 // NVD: CVE-2018-0042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1076

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201807-1076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007809

PATCH
title:JSA10872url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10872&actp=METADATA
Trust: 0.8
title:Juniper Contrail Service Orchestration Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82092
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-007809 // 
            
            
            
            CNNVD: CNNVD-201807-1076

EXTERNAL IDS
db:NVDid:CVE-2018-0042
Trust: 2.5
db:JUNIPERid:JSA10872
Trust: 1.7
db:JVNDBid:JVNDB-2018-007809
Trust: 0.8
db:CNNVDid:CNNVD-201807-1076
Trust: 0.7
db:VULHUBid:VHN-118244
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118244 // 
            
            
            
            JVNDB: JVNDB-2018-007809 // 
            
            
            
            CNNVD: CNNVD-201807-1076 // 
            
            
            
            NVD: CVE-2018-0042

REFERENCES
url:https://kb.juniper.net/jsa10872
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0042
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0042
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118244 // 
            
            
            
            JVNDB: JVNDB-2018-007809 // 
            
            
            
            CNNVD: CNNVD-201807-1076 // 
            
            
            
            NVD: CVE-2018-0042

SOURCES
db:VULHUBid:VHN-118244
db:JVNDBid:JVNDB-2018-007809
db:CNNVDid:CNNVD-201807-1076
db:NVDid:CVE-2018-0042

LAST UPDATE DATE
2024-11-23T22:41:48.391000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118244date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-007809date:2018-09-27T00:00:00
db:CNNVDid:CNNVD-201807-1076date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0042date:2024-11-21T03:37:24.907

SOURCES RELEASE DATE
db:VULHUBid:VHN-118244date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2018-007809date:2018-09-27T00:00:00
db:CNNVDid:CNNVD-201807-1076date:2018-07-12T00:00:00
db:NVDid:CVE-2018-0042date:2018-07-11T18:29:00.997