Cisco Talos researchers discovered 11 vulnerabilities in the CUJO Smart Firewall platform which could allow an attacker to ultimately take control of a device by either executing arbitrary code or by uploading and executing unsigned kernels on affected systems.
Researchers found the Firewall was vulnerable to remote code execution, local code execution, smartphone app code execution, device-local verified boot bypass, and safe browsing bypass, attacks, according to a March 19 blog post.
Researchers identified two chains that could be used to execute code remotely without authentication, one of which exploits a vulnerability in the Webroot BrightCloud SDK while the other uses the Lunatik Lua engine in order to execute Lua scripts from within the kernel context.
CUJO AI has provided a system update to resolve these issues and these devices and researchers recommend affected users confirm their devices have been updated as soon as possible to ensure that the devices are no longer affected by these vulnerabilities.