CVE Vulnerabilities

CVE-2018-0040

Use of Hard-coded Cryptographic Key

Published: Jul 11, 2018 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network-based attackers to gain unauthorized access to services.

Weakness

The product uses a hard-coded, unchangeable cryptographic key.

Affected Software

Name                             Vendor    Start Version   End Version
Contrail_service_orchestration   Juniper   *               4.0.0 (excluding)
