Sign-up

ID

VAR-201903-1222


CVE

CVE-2018-3963


TITLE

CUJO Smart Firewall Command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015158 // CNNVD: CNNVD-201903-641

DESCRIPTION

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. CUJOSmartFirewall is a home smart firewall device from CUJO. An attacker could exploit this vulnerability to execute arbitrary system commands

Trust: 2.25

sources: NVD: CVE-2018-3963 // JVNDB: JVNDB-2018-015158 // CNVD: CNVD-2019-12525 // VULHUB: VHN-133994

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-12525

AFFECTED PRODUCTS

vendor:getcujomodel:smart firewallscope:eqversion:7003

Trust: 1.0

vendor:cujo aimodel:smart firewallscope: - version: -

Trust: 0.8

vendor:cujomodel:smart firewallscope:eqversion:7003

Trust: 0.6

sources: CNVD: CNVD-2019-12525 // JVNDB: JVNDB-2018-015158 // NVD: CVE-2018-3963

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3963
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3963
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-3963
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-12525
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-641
value: HIGH

Trust: 0.6

VULHUB: VHN-133994
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3963
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2018-3963
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-12525
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133994
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2018-3963
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2018-3963
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-12525 // VULHUB: VHN-133994 // JVNDB: JVNDB-2018-015158 // CNNVD: CNNVD-201903-641 // NVD: CVE-2018-3963 // NVD: CVE-2018-3963

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-74

Trust: 0.1

sources: VULHUB: VHN-133994 // JVNDB: JVNDB-2018-015158 // NVD: CVE-2018-3963

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-641

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-641

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015158

PATCH
title:Top Pageurl:https://www.getcujo.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015158

EXTERNAL IDS
db:NVDid:CVE-2018-3963
Trust: 3.1
db:TALOSid:TALOS-2018-0627
Trust: 2.5
db:JVNDBid:JVNDB-2018-015158
Trust: 0.8
db:CNNVDid:CNNVD-201903-641
Trust: 0.7
db:CNVDid:CNVD-2019-12525
Trust: 0.6
db:NSFOCUSid:43013
Trust: 0.6
db:VULHUBid:VHN-133994
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-12525 // 
            
            
            
            VULHUB: VHN-133994 // 
            
            
            
            JVNDB: JVNDB-2018-015158 // 
            
            
            
            CNNVD: CNNVD-201903-641 // 
            
            
            
            NVD: CVE-2018-3963

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0627
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-3963
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3963
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0627
Trust: 0.6
url:http://www.nsfocus.net/vulndb/43013
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-12525 // 
            
            
            
            VULHUB: VHN-133994 // 
            
            
            
            JVNDB: JVNDB-2018-015158 // 
            
            
            
            CNNVD: CNNVD-201903-641 // 
            
            
            
            NVD: CVE-2018-3963

CREDITS
Claudio Bozzato
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-641

SOURCES
db:CNVDid:CNVD-2019-12525
db:VULHUBid:VHN-133994
db:JVNDBid:JVNDB-2018-015158
db:CNNVDid:CNNVD-201903-641
db:NVDid:CVE-2018-3963

LAST UPDATE DATE
2024-11-23T22:12:08.319000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-12525date:2019-04-28T00:00:00
db:VULHUBid:VHN-133994date:2023-02-02T00:00:00
db:JVNDBid:JVNDB-2018-015158date:2019-05-08T00:00:00
db:CNNVDid:CNNVD-201903-641date:2023-02-03T00:00:00
db:NVDid:CVE-2018-3963date:2024-11-21T04:06:23.670

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-12525date:2019-04-28T00:00:00
db:VULHUBid:VHN-133994date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2018-015158date:2019-05-08T00:00:00
db:CNNVDid:CNNVD-201903-641date:2019-03-19T00:00:00
db:NVDid:CVE-2018-3963date:2019-03-21T16:29:01.563