Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTalosCVE-2018-4002
HistoryOct 31, 2019 - 9:15 p.m.

CVE-2018-4002

2019-10-3121:15:12
CWE-674
talos
web.nvd.nist.gov
69
cve-2018-4002
denial-of-service
mdnscap
cujo smart firewall
firmware 7003
mdns packets
label compression pointers
unauthenticated attacker

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.3%

JSON

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Affected configurations

Nvd
Vulners
Node
cujosmart_firewall_firmwareMatch7003
AND
cujosmart_firewallMatch-
VendorProductVersionCPE
cujosmart_firewall_firmware7003cpe:2.3:o:cujo:smart_firewall_firmware:7003:*:*:*:*:*:*:*
cujosmart_firewall-cpe:2.3:h:cujo:smart_firewall:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "CUJO",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "CUJO Smart Firewall - Firmware version 7003"
      }
    ]
  }
]

Related

cvelist 1
prion 1
talos 1
nvd 1
talosblog 1
cvelist
cvelist
CVE-2018-4002
2019-10-31 20:37:17
prion
prion
Denial of service
2019-10-31 21:15:00
talos
talos
CUJO Smart Firewall mdnscap mDNS label compression denial-of-service vulnerability
2019-03-19 00:00:00
nvd
nvd
CVE-2018-4002
2019-10-31 21:15:12
talosblog
talosblog
Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud
2019-03-19 08:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.3%

JSON
Related for CVE-2018-4002
cvelist1prion1talos1nvd1talosblog1