Sign-up

ID

VAR-201910-1512


CVE

CVE-2018-4031


TITLE

CUJO Smart Firewall Code injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-016139 // CNNVD: CNNVD-201903-649

DESCRIPTION

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. CUJO Smart Firewall Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CUJO Smart Firewall is a home intelligent firewall device produced by CUJO Company in the United States

Trust: 1.8

sources: NVD: CVE-2018-4031 // JVNDB: JVNDB-2018-016139 // VULHUB: VHN-134062 // VULMON: CVE-2018-4031

AFFECTED PRODUCTS

vendor:getcujomodel:smart firewallscope:eqversion:7003

Trust: 1.0

vendor:cujo aimodel:smart firewallscope:eqversion:7003

Trust: 0.8

sources: JVNDB: JVNDB-2018-016139 // NVD: CVE-2018-4031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4031
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4031
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4031
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201903-649
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134062
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4031
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4031
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134062
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4031
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4031
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2018-4031
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-134062 // VULMON: CVE-2018-4031 // JVNDB: JVNDB-2018-016139 // CNNVD: CNNVD-201903-649 // NVD: CVE-2018-4031 // NVD: CVE-2018-4031

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-134062 // JVNDB: JVNDB-2018-016139 // NVD: CVE-2018-4031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-649

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-649

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016139

PATCH
title:Top Pageurl:https://cujo.com/
Trust: 0.8
title:Threatposturl:https://threatpost.com/host-of-flaws-found-in-cujo-smart-firewall/142966/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4031 // 
            
            
            
            JVNDB: JVNDB-2018-016139

EXTERNAL IDS
db:NVDid:CVE-2018-4031
Trust: 2.6
db:TALOSid:TALOS-2018-0703
Trust: 2.6
db:JVNDBid:JVNDB-2018-016139
Trust: 0.8
db:CNNVDid:CNNVD-201903-649
Trust: 0.7
db:NSFOCUSid:43011
Trust: 0.6
db:VULHUBid:VHN-134062
Trust: 0.1
db:VULMONid:CVE-2018-4031
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134062 // 
            
            
            
            VULMON: CVE-2018-4031 // 
            
            
            
            JVNDB: JVNDB-2018-016139 // 
            
            
            
            CNNVD: CNNVD-201903-649 // 
            
            
            
            NVD: CVE-2018-4031

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0703
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-4031
Trust: 1.4
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0703
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4031
Trust: 0.8
url:http://www.nsfocus.net/vulndb/43011
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/158383
Trust: 0.1
url:https://threatpost.com/host-of-flaws-found-in-cujo-smart-firewall/142966/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134062 // 
            
            
            
            VULMON: CVE-2018-4031 // 
            
            
            
            JVNDB: JVNDB-2018-016139 // 
            
            
            
            CNNVD: CNNVD-201903-649 // 
            
            
            
            NVD: CVE-2018-4031

CREDITS
Discovered by Claudio Bozzato of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-649

SOURCES
db:VULHUBid:VHN-134062
db:VULMONid:CVE-2018-4031
db:JVNDBid:JVNDB-2018-016139
db:CNNVDid:CNNVD-201903-649
db:NVDid:CVE-2018-4031

LAST UPDATE DATE
2024-11-23T22:41:18.676000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134062date:2019-11-06T00:00:00
db:VULMONid:CVE-2018-4031date:2019-11-06T00:00:00
db:JVNDBid:JVNDB-2018-016139date:2019-11-12T00:00:00
db:CNNVDid:CNNVD-201903-649date:2022-04-20T00:00:00
db:NVDid:CVE-2018-4031date:2024-11-21T04:06:33.670

SOURCES RELEASE DATE
db:VULHUBid:VHN-134062date:2019-10-31T00:00:00
db:VULMONid:CVE-2018-4031date:2019-10-31T00:00:00
db:JVNDBid:JVNDB-2018-016139date:2019-11-12T00:00:00
db:CNNVDid:CNNVD-201903-649date:2019-03-19T00:00:00
db:NVDid:CVE-2018-4031date:2019-10-31T21:15:12.357