### [CVE-2017-10616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10616)
![](https://img.shields.io/static/v1?label=Product&message=Contrail&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.2%3C%202.21.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=hardcoded%20credential&color=brighgreen)

### Description

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

### POC

#### Reference
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-qx9c-49m4-f3vj

#### Github
- https://github.com/gteissier/CVE-2017-10617