Skip to main content

Contrail Service Orchestration

6 CVEs product

Monthly

CVE-2022-22189 HIGH This Week

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Contrail Service Orchestration
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-0042 CRITICAL Act Now

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0041 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0040 CRITICAL Act Now

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-0039 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-0038 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
EPSS 0% CVSS 7.8
HIGH This Week

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Contrail Service Orchestration
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Contrail Service Orchestration
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Juniper +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy