Details of VAR-201903-1227

ID

VAR-201903-1227

CVE

CVE-2018-4011

TITLE

CUJO Smart Firewall Integer underflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015145

DESCRIPTION

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. CUJO Smart Firewall is a home intelligent firewall device produced by CUJO Company in the United States

Trust: 1.71

sources: NVD: CVE-2018-4011 // JVNDB: JVNDB-2018-015145 // VULHUB: VHN-134042

AFFECTED PRODUCTS

vendor:	getcujo	model:	smart firewall	scope:	eq	version:	7003	Trust: 1.0
vendor:	cujo ai	model:	smart firewall	scope:	eq	version:	7003	Trust: 0.8

sources: JVNDB: JVNDB-2018-015145 // NVD: CVE-2018-4011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4011
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2018-4011
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4011
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-644
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134042
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4011
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134042
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4011
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2018-4011
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.0
Trust: 1.0
NVD:	CVE-2018-4011
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-134042 // JVNDB: JVNDB-2018-015145 // CNNVD: CNNVD-201903-644 // NVD: CVE-2018-4011 // NVD: CVE-2018-4011

PROBLEMTYPE DATA

problemtype:

CWE-191

Trust: 1.9

sources: VULHUB: VHN-134042 // JVNDB: JVNDB-2018-015145 // NVD: CVE-2018-4011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-644

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201903-644

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015145

PATCH

title:

Top Page

url:

https://www.getcujo.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015145

EXTERNAL IDS

db:	TALOS	id:	TALOS-2018-0681	Trust: 2.5
db:	NVD	id:	CVE-2018-4011	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-015145	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-644	Trust: 0.7
db:	NSFOCUS	id:	43012	Trust: 0.6
db:	VULHUB	id:	VHN-134042	Trust: 0.1

sources: VULHUB: VHN-134042 // JVNDB: JVNDB-2018-015145 // CNNVD: CNNVD-201903-644 // NVD: CVE-2018-4011

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0681	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4011	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4011	Trust: 0.8
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0681	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43012	Trust: 0.6

sources: VULHUB: VHN-134042 // JVNDB: JVNDB-2018-015145 // CNNVD: CNNVD-201903-644 // NVD: CVE-2018-4011

CREDITS

Claudio Bozzato ?? ??,Discovered by Claudio Bozzato of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201903-644

SOURCES

db:	VULHUB	id:	VHN-134042
db:	JVNDB	id:	JVNDB-2018-015145
db:	CNNVD	id:	CNNVD-201903-644
db:	NVD	id:	CVE-2018-4011

LAST UPDATE DATE

2024-11-23T21:52:23.050000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134042	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-015145	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-644	date:	2019-04-03T00:00:00
db:	NVD	id:	CVE-2018-4011	date:	2024-11-21T04:06:29.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134042	date:	2019-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-015145	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-644	date:	2019-03-19T00:00:00
db:	NVD	id:	CVE-2018-4011	date:	2019-03-21T16:29:01.720