Contrail Cloud: Hardcoded credentials for RabbitMQ service
CVE-2021-0279

8.6HIGH

Key Information:

Vendor: Juniper Networks
Status: Contrail Cloud
Vendor: CVE Published:; 15 July 2021

🔔 Create Juniper Networks Vulnerability Alert

What is CVE-2021-0279?

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Contrail Cloud < 13.6.0

References

https://kb.juniper.net/JSA11183

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2021
Vulnerability Reserved
Oct 27, 2020

JSON

Juniper Networks