Multiple vulnerabilities in CUJO Smart Firewall
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2018-4030 CVE-2018-4011 CVE-2018-3985 CVE-2018-3969 CVE-2018-3963 CVE-2018-4003 |
| CWE-ID | CWE-444 CWE-191 CWE-415 CWE-264 CWE-77 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
CUJO Smart Firewall Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | CUJO AI |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU21163
Risk: High
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2018-4030
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCUJO Smart Firewall: 7003
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Integer underflow
EUVDB-ID: #VU21162
Risk: High
CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2018-4011
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because of integer underflow in the "mdnscap" binary when parsing SRV records in an mDNS packet due to the "RDLENGTH" value is handled incorrectly. A remote attacker can send a specially crafted mDNS message to the affected application, trigger integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCUJO Smart Firewall: 7003
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Double Free
EUVDB-ID: #VU21161
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-3985
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the "mdnscap" binary when parsing mDNS packets. A remote attacker can send a specially crafted mDNS message, trigger double free error and execute arbitrary code in the context of the "mdnscap" process.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCUJO Smart Firewall: 7003
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0653
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU21160
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-3969
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient permission restrictions in the verified boot protection. A local user who is able to write into "/config/dhcpd.conf" can add arbitrary shell commands into the "dhcpd.conf" file and execute arbitrary commands on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCUJO Smart Firewall: 7003
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0634
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Command Injection
EUVDB-ID: #VU21159
Risk: Medium
CVSSv4.0: 7.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-3963
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCUJO Smart Firewall: 7003
CPE2.3 External linkshttps://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0627
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Heap-based buffer overflow
EUVDB-ID: #VU19605
Risk: High
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2018-4003
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the mdnscap binary. A remote attacker can send a specially crafted mDNS message, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCUJO Smart Firewall: 7003
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0672
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
