CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-3963

HIGH
8.0
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile14.59th
Published2019年3月21日
Last Modified2024年11月21日

Vulnerability Description

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.

Affected Platforms (CPE)

📦
Getcujo

Smart Firewall

= 7003

References & Advisories

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0627
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0627

関連する脆弱性情報

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...

CVE-2018-40039.8

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The stri...

CVE-2018-39859.8

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a mem...

CVE-2017-122778.8

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Fire...