CVE-2018-4030 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Getcujo	Smart Firewall	7003

Related Weaknesses (CWE)

CWE-444

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0702ExploitThird Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0702ExploitThird Party Advisory

FAQ

What is CVE-2018-4030?

CVE-2018-4030 is a vulnerability with a CVSS score of 7.5 (HIGH). An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is i...

How severe is CVE-2018-4030?

CVE-2018-4030 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-4030?

Check the references section above for vendor advisories and patch information. Affected products include: Getcujo Smart Firewall.