var-201807-0322
Vulnerability from variot
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services. Juniper Contrail Service Orchestration (CSO) is a set of products of Juniper Networks (Juniper Networks) for designing and deploying network services in the cloud CPE centralized deployment model. A security vulnerability exists in Juniper CSO prior to 4.0.0 due to the use of hard-coded certificates and keys. An attacker could exploit this vulnerability to gain unauthorized access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0322",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "contrail service orchestration",
"scope": "lt",
"trust": 1.8,
"vendor": "juniper",
"version": "4.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:juniper:contrail_service_orchestration",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
}
]
},
"cve": "CVE-2018-0040",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0040",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-118242",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0040",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0040",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2018-0040",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-0040",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1078",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118242",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-0040",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118242"
},
{
"db": "VULMON",
"id": "CVE-2018-0040"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services. Juniper Contrail Service Orchestration (CSO) is a set of products of Juniper Networks (Juniper Networks) for designing and deploying network services in the cloud CPE centralized deployment model. A security vulnerability exists in Juniper CSO prior to 4.0.0 due to the use of hard-coded certificates and keys. An attacker could exploit this vulnerability to gain unauthorized access",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0040"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "VULHUB",
"id": "VHN-118242"
},
{
"db": "VULMON",
"id": "CVE-2018-0040"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0040",
"trust": 2.6
},
{
"db": "JUNIPER",
"id": "JSA10872",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1078",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118242",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-0040",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118242"
},
{
"db": "VULMON",
"id": "CVE-2018-0040"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"id": "VAR-201807-0322",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118242"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:41:48.338000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10872",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10872\u0026actp=METADATA"
},
{
"title": "Juniper Contrail Service Orchestration Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82094"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
},
{
"problemtype": "CWE-321",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118242"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.juniper.net/jsa10872"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0040"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0040"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118242"
},
{
"db": "VULMON",
"id": "CVE-2018-0040"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118242"
},
{
"db": "VULMON",
"id": "CVE-2018-0040"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
},
{
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118242"
},
{
"date": "2018-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0040"
},
{
"date": "2018-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"date": "2018-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1078"
},
{
"date": "2018-07-11T18:29:00.917000",
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118242"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0040"
},
{
"date": "2018-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007808"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1078"
},
{
"date": "2024-11-21T03:37:24.690000",
"db": "NVD",
"id": "CVE-2018-0040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Contrail Service Orchestration Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007808"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1078"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…