Lucene search

TalosCVELIST:CVE-2018-3985

HistoryMar 21, 2019 - 3:30 p.m.

CVE-2018-3985

2019-03-2115:30:19

talos

www.cve.org

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

CNA Affected

[
  {
    "product": "CUJO",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "CUJO Smart Firewall - Firmware version 7003"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0653

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

Related for CVELIST:CVE-2018-3985