What is the severity of CVE-2021-0279?

CVE-2021-0279 is classified as a high-severity vulnerability due to the use of hardcoded credentials in RabbitMQ service.

How do I fix CVE-2021-0279?

To fix CVE-2021-0279, upgrade to Juniper Networks Contrail Cloud version 13.6.0 or later, which removes default hardcoded credentials.

What systems are affected by CVE-2021-0279?

CVE-2021-0279 affects Juniper Networks Contrail Cloud versions prior to 13.6.0.

What is the impact of exploiting CVE-2021-0279?

Exploiting CVE-2021-0279 allows attackers to gain unauthorized access to RabbitMQ services and potentially control Contrail services.

Can CVE-2021-0279 be mitigated without upgrading?

Mitigation for CVE-2021-0279 without upgrading is not recommended, but restricting network access to RabbitMQ could reduce the risk.

Vulnerability/
CVE-2021-0279

high

8.6

CWE

798

14/7/2021

3/8/2024

CVE-2021-0279: Contrail Cloud: Hardcoded credentials for RabbitMQ service

First published: Wed Jul 14 2021(Updated: )

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Contrail Cloud	<13.6

Remedy

The following software releases have been updated to resolve this specific issue: Juniper Networks Contrail Cloud version 13.6.0, and all subsequent releases. When installing Contrail Cloud version 13.6.0, to set a non-default password for RabbitMQ, one of these options are possible: a) You may set a non-default password using the config/vault-data.yml file. b) Or following configuration should be added to the CC site.yml file: extra_config: ContrailAnalyticsParameters: ContrailSettings: RABBITMQ_PASSWORD: "{{ vault['other']['credentials']['contrail_rabbit']['password'] }}" RABBITMQ_USER: "{{ vault['other']['credentials']['contrail_rabbit']['user'] }}" ContrailControllerParameters: ContrailSettings: RABBITMQ_PASSWORD: "{{ vault['other']['credentials']['contrail_rabbit']['password'] }}" RABBITMQ_USER: "{{ vault['other']['credentials']['contrail_rabbit']['user'] }}" Contact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11183

Frequently Asked Questions

What is the severity of CVE-2021-0279?
CVE-2021-0279 is classified as a high-severity vulnerability due to the use of hardcoded credentials in RabbitMQ service.
How do I fix CVE-2021-0279?
To fix CVE-2021-0279, upgrade to Juniper Networks Contrail Cloud version 13.6.0 or later, which removes default hardcoded credentials.
What systems are affected by CVE-2021-0279?
CVE-2021-0279 affects Juniper Networks Contrail Cloud versions prior to 13.6.0.
What is the impact of exploiting CVE-2021-0279?
Exploiting CVE-2021-0279 allows attackers to gain unauthorized access to RabbitMQ services and potentially control Contrail services.
Can CVE-2021-0279 be mitigated without upgrading?
Mitigation for CVE-2021-0279 without upgrading is not recommended, but restricting network access to RabbitMQ could reduce the risk.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/severity
agent/weakness
agent/last-modified-date
agent/title
agent/references
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/juniper
canonical/juniper contrail cloud