CVE-2018-0039

Name of the Vulnerable Software and Affected Versions: Juniper Networks Contrail Service Orchestration versions prior to 4.0.0

Description: The issue concerns hardcoded credentials in the Grafana service, which is enabled by default. These credentials can be exploited by network-based attackers to gain unauthorized access to information stored in Grafana or to exploit other weaknesses in Grafana.

Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the Grafana service until a patch is available. Restrict access to the Grafana interface to minimize the risk of exploitation. Avoid using the default hardcoded credentials in the affected versions.