CVE-2018-0040

Published: Jul 11, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

Affected (1)

Products: Juniper: Contrail Service Orchestration

Juniper

1 product

Contrail Service Orchestration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Juniper Contrail Service Orchestration	Before 4.0.0

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://kb.juniper.net/JSA10872

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10872

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.