ID CVE-2014-9222
Summary AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
References
Vulnerable Configurations
  • allegrosoft RomPager 4.07
    cpe:2.3:a:allegrosoft:rompager:4.07
CVSS
Base: 10.0 (as of 02-09-2016 - 20:36)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
metasploit via4
nessus via4
  • NASL family Web Servers
    NASL id ALLEGRO_SOFTWARE_ROMPAGER_MISFORTUNE_COOKIE.NASL
    description Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities:
      - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative privileges and to possibly conduct attacks against connected devices. (CVE-2014-9222)
      - A digest authentication buffer overflow flaw exists that allows a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-9223)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80304
    published 2014-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80304
    title Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
  • NASL family Web Servers
    NASL id ALLEGRO_SOFTWARE_ROMPAGER_WEBSERVER.NASL
    description According to its banner, the remote host is running a version of Allegro Software RomPager 4.07 to 4.33. It is, therefore, affected by multiple vulnerabilities:
      - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative privileges and to possibly conduct attacks against connected devices. (CVE-2014-9222)
      - A digest authentication buffer overflow flaw exists that allows a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-9223)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80228
    published 2014-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80228
    title Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
packetstorm via4
data source https://packetstormsecurity.com/files/download/136831/rompager-bypass.txt
id PACKETSTORM:136831
last seen 2016-12-05
published 2016-04-27
reporter Milad Doorbash
source https://packetstormsecurity.com/files/136831/RomPager-4.34-Authentication-Bypass.html
title RomPager 4.34 Authentication Bypass
refmap via4
bid 105173
cert-vn VU#561444
confirm
fulldisc 20141219 The Misfortune Cookie Vulnerability
misc http://mis.fortunecook.ie/
the hacker news via4
id THN:DD25FFA8136E5074766665865AA97274
last seen 2018-01-27
modified 2015-01-16
published 2014-12-19
reporter Swati Khandelwal
source https://thehackernews.com/2014/12/router-vulnerability-puts-12-million.html
title Router Vulnerability Puts 12 Million Home and Business Routers at Risk
Last major update 06-09-2016 - 10:04
Published 24-12-2014 - 13:59
Last modified 31-08-2018 - 06:29