CVE-2018-0040: Contrail Service Orchestration: hardcoded cryptographic certificates and keys
First published: Wed Jul 11 2018(Updated: )
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Contrail Service Orchestration | <4.0.0 |
Remedy
This issue is fixed in Contrail Service Orchestration 4.0.0 and subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0040?
CVE-2018-0040 has been assigned a high severity rating due to the risk of unauthorized access it introduces.
How do I fix CVE-2018-0040?
To remediate CVE-2018-0040, upgrade to Juniper Networks Contrail Service Orchestrator version 4.0.0 or later.
What causes CVE-2018-0040?
CVE-2018-0040 is caused by the use of hardcoded cryptographic certificates and keys in affected software versions.
Which versions of Juniper Contrail Service Orchestrator are affected by CVE-2018-0040?
CVE-2018-0040 affects all versions of Juniper Contrail Service Orchestrator prior to 4.0.0.
What type of attackers can exploit CVE-2018-0040?
Network-based attackers can exploit CVE-2018-0040 to gain unauthorized access to services.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/source
- vendor/juniper
- canonical/juniper contrail service orchestration