Sign-up

ID

VAR-201903-1226


CVE

CVE-2018-4003


TITLE

CUJO Smart Firewall Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015143 // CNNVD: CNNVD-201903-662

DESCRIPTION

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. CUJO Smart Firewall Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CUJOSmartFirewall is a home smart firewall device from CUJO

Trust: 2.25

sources: NVD: CVE-2018-4003 // JVNDB: JVNDB-2018-015143 // CNVD: CNVD-2019-07795 // VULHUB: VHN-134034

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-07795

AFFECTED PRODUCTS

vendor:getcujomodel:smart firewallscope:eqversion:7003

Trust: 1.0

vendor:cujo aimodel:smart firewallscope:eqversion:7003

Trust: 0.8

vendor:cujomodel:smart firewallscope:eqversion:7003

Trust: 0.6

sources: CNVD: CNVD-2019-07795 // JVNDB: JVNDB-2018-015143 // NVD: CVE-2018-4003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4003
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4003
value: HIGH

Trust: 1.0

NVD: CVE-2018-4003
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-07795
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-662
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134034
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4003
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-07795
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-134034
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4003
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4003
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.7
version: 3.0

Trust: 1.0

NVD: CVE-2018-4003
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-07795 // VULHUB: VHN-134034 // JVNDB: JVNDB-2018-015143 // CNNVD: CNNVD-201903-662 // NVD: CVE-2018-4003 // NVD: CVE-2018-4003

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-134034 // JVNDB: JVNDB-2018-015143 // NVD: CVE-2018-4003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-662

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-662

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015143

PATCH
title:Top Pageurl:https://www.getcujo.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015143

EXTERNAL IDS
db:NVDid:CVE-2018-4003
Trust: 3.1
db:TALOSid:TALOS-2018-0672
Trust: 3.1
db:JVNDBid:JVNDB-2018-015143
Trust: 0.8
db:CNNVDid:CNNVD-201903-662
Trust: 0.7
db:CNVDid:CNVD-2019-07795
Trust: 0.6
db:NSFOCUSid:43007
Trust: 0.6
db:VULHUBid:VHN-134034
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-07795 // 
            
            
            
            VULHUB: VHN-134034 // 
            
            
            
            JVNDB: JVNDB-2018-015143 // 
            
            
            
            CNNVD: CNNVD-201903-662 // 
            
            
            
            NVD: CVE-2018-4003

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0672
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-4003
Trust: 1.4
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0672
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4003
Trust: 0.8
url:http://www.nsfocus.net/vulndb/43007
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-07795 // 
            
            
            
            VULHUB: VHN-134034 // 
            
            
            
            JVNDB: JVNDB-2018-015143 // 
            
            
            
            CNNVD: CNNVD-201903-662 // 
            
            
            
            NVD: CVE-2018-4003

CREDITS
Claudio Bozzato ?? ??,Discovered by Claudio Bozzato of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-662

SOURCES
db:CNVDid:CNVD-2019-07795
db:VULHUBid:VHN-134034
db:JVNDBid:JVNDB-2018-015143
db:CNNVDid:CNNVD-201903-662
db:NVDid:CVE-2018-4003

LAST UPDATE DATE
2024-11-23T22:17:06.798000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-07795date:2019-03-22T00:00:00
db:VULHUBid:VHN-134034date:2023-02-03T00:00:00
db:JVNDBid:JVNDB-2018-015143date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-662date:2020-08-25T00:00:00
db:NVDid:CVE-2018-4003date:2024-11-21T04:06:28.567

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-07795date:2019-03-22T00:00:00
db:VULHUBid:VHN-134034date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2018-015143date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-662date:2019-03-20T00:00:00
db:NVDid:CVE-2018-4003date:2019-03-21T16:29:01.673