Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-0279

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.

Published

2021-07-15T20:15:09.543

Last Modified

2024-11-21T05:42:23.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-798
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	contrail_cloud	< 13.6	Yes

References

https://kb.juniper.net/JSA11183 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA11183 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)