CVE-2018-4003 - Out-of-bounds Write vulnerability in Getcujo Smart Firewall 7003

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, getcujo, CWE-787, critical

Summary

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Vulnerable Configurations

Part | Description | Count
Application | Getcujo | 1

Common Weakness Enumeration (CWE)

Talos

id: TALOS-2018-0672
last seen: 2019-05-29
published: 2019-03-19
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0672
title: CUJO Smart Firewall mdnscap mDNS character-strings code execution vulnerability