CVE-2017-10616
CVE-2017-10616 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. EPSS estimates a 1.30% chance of exploitation in the next 30 days.
Description
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Contrail | 2.2 |
| Juniper | Contrail | 3.0 |
| Juniper | Contrail | 3.1 |
| Juniper | Contrail | 3.2 |
References
- https://kb.juniper.net/JSA10819 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
