PT-2018-8582 · Juniper Networks+1 · Contrail Service Orchestration+1

Publicado

2018-07-11

Atualizado

2018-09-06

CVE-2018-0038

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Juniper Networks Contrail Service Orchestration versions prior to 3.3.0

Description: The issue allows network-based attackers unauthorized access to information stored in Cassandra due to hardcoded credentials. The Cassandra service is enabled by default in the affected versions.

Recommendations: For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider disabling the Cassandra service or changing the hardcoded credentials to prevent unauthorized access. Restrict access to the Cassandra service to minimize the risk of exploitation.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-0038

Produtos afetados

Apache Cassandra

Contrail Service Orchestration

PT-2018-8582 · Juniper Networks+1 · Contrail Service Orchestration+1

CVE-2018-0038

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3