Vulnerability-Lookup

CNVD-2019-07790

Vulnerability from cnvd - Published: 2019-03-22

Title

CUJO Smart Firewall整数溢出漏洞

Description

CUJO Smart Firewall是美国CUJO公司的一款家庭智能防火墙设备。使用7003版本固件的CUJO Smart Firewall中的mdnscap二进制文件存在整数溢出漏洞，该漏洞源于在解析mDNS数据包中的SRV记录时，程序未能正确地处理‘RDLENGTH’值。攻击者可通过发送mDNS消息利用该漏洞造成mdnscap进程崩溃。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.getcujo.com/

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0681

Impacted products

Name
CUJO Smart Firewall 7003

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4011"
    }
  },
  "description": "CUJO Smart Firewall\u662f\u7f8e\u56fdCUJO\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u5ead\u667a\u80fd\u9632\u706b\u5899\u8bbe\u5907\u3002\n\n\u4f7f\u75287003\u7248\u672c\u56fa\u4ef6\u7684CUJO Smart Firewall\u4e2d\u7684mdnscap\u4e8c\u8fdb\u5236\u6587\u4ef6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u89e3\u6790mDNS\u6570\u636e\u5305\u4e2d\u7684SRV\u8bb0\u5f55\u65f6\uff0c\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u2018RDLENGTH\u2019\u503c\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001mDNS\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210mdnscap\u8fdb\u7a0b\u5d29\u6e83\u3002",
  "discovererName": "Claudio Bozzato of Cisco Talos",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.getcujo.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-07790",
  "openTime": "2019-03-22",
  "products": {
    "product": "CUJO Smart Firewall 7003"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0681",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-20",
  "title": "CUJO Smart Firewall\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2018-4011 (GCVE-0-2018-4011)

Vulnerability from cvelistv5 – Published: 2019-03-21 15:42 – Updated: 2024-08-05 04:57

Summary

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Severity

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

integer underflow

Assigner

talos

References

1 reference

URL	Tags
https://talosintelligence.com/vulnerability_repor…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	CUJO	Affected: CUJO Smart Firewall - Firmware version 7003

Date Public

2019-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:24.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CUJO",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CUJO Smart Firewall - Firmware version 7003"
            }
          ]
        }
      ],
      "datePublic": "2019-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the \"RDLENGTH\" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "integer underflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:08:04.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-4011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CUJO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CUJO Smart Firewall - Firmware version 7003"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the \"RDLENGTH\" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "integer underflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-4011",
    "datePublished": "2019-03-21T15:42:40.000Z",
    "dateReserved": "2018-01-02T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:57:24.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-07790

CVE-2018-4011 (GCVE-0-2018-4011)

Tags

Sightings

Nomenclature