Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTalosCVE-2018-4031
HistoryOct 31, 2019 - 9:15 p.m.

CVE-2018-4031

2019-10-3121:15:12
CWE-94
talos
web.nvd.nist.gov
75
2
vulnerability
cujo smart firewall
lua script execution
kernel
http requests
cve-2018-4031

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.

Affected configurations

Nvd
Vulners
Node
getcujosmart_firewallMatch7003
VendorProductVersionCPE
getcujosmart_firewall7003cpe:2.3:a:getcujo:smart_firewall:7003:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "CUJO",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "CUJO Smart Firewall - Firmware version 7003"
      }
    ]
  }
]

Social References

More

Related

prion 1
talos 1
cvelist 1
nvd 1
threatpost 1
talosblog 1
prion
prion
Cross site request forgery (csrf)
2019-10-31 21:15:00
talos
talos
CUJO Smart Firewall threatd hostname reputation check code execution vulnerability
2019-03-19 00:00:00
cvelist
cvelist
CVE-2018-4031
2019-10-31 20:29:02
nvd
nvd
CVE-2018-4031
2019-10-31 21:15:12
threatpost
threatpost
Host of Flaws Found in CUJO Smart Firewall
2019-03-19 21:43:08
talosblog
talosblog
Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud
2019-03-19 08:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON
Related for CVE-2018-4031
prion1talos1cvelist1nvd1threatpost1talosblog1