{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T17:32:14.762","vulnerabilities":[{"cve":{"id":"CVE-2018-4031","sourceIdentifier":"talos-cna@cisco.com","published":"2019-10-31T21:15:12.357","lastModified":"2024-11-21T04:06:33.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP\/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability."},{"lang":"es","value":"Se presenta una vulnerabilidad explotable en la función safe browsing del CUJO Smart Firewall, versión 7003. El fallo radica en la manera en que la función safe browsing analiza las peticiones HTTP. El nombre de host del servidor es extraído de las peticiones HTTP\/HTTPS capturadas y es insertado como parte de una sentencia Lua sin saneamiento previo, lo que resulta en una ejecución de script Lua arbitraria en el kernel. Un atacante podría enviar una petición HTTP para explotar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:N\/C:C\/I:C\/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getcujo:smart_firewall:7003:*:*:*:*:*:*:*","matchCriteriaId":"5447DD61-D8B9-4829-976A-A3B09FFE7974"}]}]}],"references":[{"url":"https:\/\/talosintelligence.com\/vulnerability_reports\/TALOS-2018-0703","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/talosintelligence.com\/vulnerability_reports\/TALOS-2018-0703","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}