Contrail: hard coded credentials
CVE-2017-10616

5.3MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Contrail
Vendor: CVE Published:; 13 October 2017

Badges

👾 Exploit Exists

Summary

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Affected Version(s)

Contrail 2.2 < 2.21.4

Contrail 3.0 < 3.0.3.4

Contrail 3.1 < 3.1.4.0

References

https://kb.juniper.net/JSA10819

https://github.com/orangecertcc/security-research/securit...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Oct 13, 2017
Vulnerability Reserved
Jun 28, 2017

Credit

Guillaume TEISSIER / Orange for responsibly reporting this vulnerability.