Metric | Value |
---|---|
CVSS2 base score | 10 (High) |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS score | 0.97 (High) |
EPSS percentile | 99.8% |
The remote host is running RomPager, an embedded web server most often used to provide web administration capabilities for networked printers, network switches, and other devices.
Versions of RomPager 4.07 and prior to 4.34 are potentially affected by multiple issues:

A buffer overflow vulnerability exists because the RomPager web server fails to perform adequate bounds checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code with the privileges of the RomPager process. (CVE-2014-9223)

A security bypass vulnerability exists due to an error in the HTTP cookie management mechanism (the ‘Misfortune Cookie’ issue), which allows any user to determine the ‘fortune’ of a request by manipulating cookies. An attacker can exploit this issue to corrupt memory and alter application state by sending specially crafted HTTP cookies, which can result in administrative privileges for the current session on the affected device. (CVE-2014-9222)

Note: The ‘Misfortune Cookie’ vulnerability only applies if the cookie feature has been enabled on the RomPager server. Furthermore, some sources indicate that these vulnerabilities can be patched without changing the self-reported RomPager version in the banner, so a version check alone may produce false positives.
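The version range and the banner caveat above translate directly into a triage check. The following is an added example (not part of this plugin page or of Allegro Software's code): it parses constructed `Server` headers, flags RomPager versions below 4.34 as potentially affected, and attaches the caveat that a vendor backport may leave the banner unchanged, so a flagged host should be confirmed by other means (cookie feature state, firmware changelog, vendor advisory) before being treated as vulnerable. The sample banners are constructed for illustration.

```python
import re

# Constructed sample Server headers (illustrative, not captured from real devices).
SAMPLE_BANNERS = [
    "Server: RomPager/4.07 UPnP/1.0",
    "Server: RomPager/4.34",
    "Server: RomPager/4.51",
    "Server: Apache/2.4.41 (Ubuntu)",
]

# First version the advisory text names as not affected.
FIXED_VERSION = (4, 34)


def parse_rompager_version(server_header):
    """Return (major, minor) from a 'Server: RomPager/x.y' header, or None."""
    m = re.search(r"RomPager/(\d+)\.(\d+)", server_header)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_potentially_affected(server_header):
    """True when the banner reports a RomPager version prior to 4.34.

    Tuple comparison handles the 4.07 vs 4.34 case correctly (7 < 34),
    which a naive string comparison of "4.07" and "4.34" would also get
    right but "4.7" vs "4.34" would not.
    """
    version = parse_rompager_version(server_header)
    if version is None:
        return False
    return version < FIXED_VERSION


def triage(server_header):
    """Produce a finding record for one banner, including the banner caveat."""
    version = parse_rompager_version(server_header)
    record = {
        "banner": server_header,
        "rompager": version is not None,
        "version": version,
        "potentially_affected": is_potentially_affected(server_header),
        "cves": [],
        "note": "",
    }
    if record["potentially_affected"]:
        record["cves"] = ["CVE-2014-9223", "CVE-2014-9222"]
        record["note"] = (
            "Banner-based result only: vendors may have backported the fix "
            "without changing the reported version, and CVE-2014-9222 requires "
            "the cookie feature to be enabled. Confirm before remediation."
        )
    return record


def triage_all(banners=SAMPLE_BANNERS):
    """Return triage records for every banner; used by the demo below."""
    return [triage(b) for b in banners]


if __name__ == "__main__":
    for rec in triage_all():
        status = "POTENTIALLY AFFECTED" if rec["potentially_affected"] else "not flagged"
        print(f"{rec['banner']!r}: {status} {rec['cves']}")
        if rec["note"]:
            print("  " + rec["note"])
```

Run as a script it prints one line per banner; in a scanner you would feed it the `Server` header captured from each host and route flagged records to manual verification rather than straight to a vulnerability ticket.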
Vendor | Product | Version | CPE |
---|---|---|---|
allegrosoft | rompager | | cpe:/a:allegrosoft:rompager |