Описание
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.0 (исключая)
cpe:2.3:a:juniper:contrail_service_orchestration:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00247
Низкий
6.5 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-561
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
EPSS
Процентиль: 48%
0.00247
Низкий
6.5 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-561
CWE-798