#VU21159 Command Injection in CUJO Smart Firewall - CVE-2018-3963

 

Published: September 17, 2019


Vulnerability identifier: #VU21159
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2018-3963
CWE-ID: CWE-77
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: CUJO Smart Firewall
Software vendor: CUJO AI

Description

The vulnerability allows a local user to execute arbitrary commands on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the DHCP daemon configuration. A local authenticated user can send a DHCP request message, set up the corresponding static DHCP entry and execute arbitrary system commands on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
