CVE-2018-0038
First published: Wed Jul 11 2018(Updated: )
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Contrail Service Orchestration | <3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0038?
CVE-2018-0038 is classified as a critical severity vulnerability due to hardcoded credentials allowing unauthorized access to sensitive data.
How do I fix CVE-2018-0038?
To fix CVE-2018-0038, upgrade to Juniper Contrail Service Orchestration version 3.3.0 or later where the vulnerability is resolved.
What systems are impacted by CVE-2018-0038?
CVE-2018-0038 affects Juniper Networks Contrail Service Orchestration releases prior to version 3.3.0.
Can CVE-2018-0038 be exploited remotely?
Yes, CVE-2018-0038 can be exploited remotely by attackers on the network due to the exposure of hardcoded credentials.
What data is at risk with CVE-2018-0038?
CVE-2018-0038 puts the information stored in the Cassandra database at risk, potentially allowing unauthorized access to sensitive information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/juniper
- canonical/juniper contrail service orchestration