CVE-2018-0040

Contrail Service Orchestration: hardcoded cryptographic certificates and keys

CVSS 9.8 CRITICALEPSS 1.4%CWE-321

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Juniper Networks · Contrail Service Orchestration

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://kb.juniper.net/JSA10872