Lucene search

TalosCVELIST:CVE-2018-4003

HistoryMar 21, 2019 - 3:05 p.m.

CVE-2018-4003

2019-03-2115:05:44

talos

www.cve.org

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

CNA Affected

[
  {
    "product": "CUJO",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "CUJO Smart Firewall - Firmware version 7003"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0672

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVELIST:CVE-2018-4003