Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2014 Greenbone AGOPENVAS:1361412562310105154
HistoryDec 23, 2014 - 12:00 a.m.

Allegro RomPager `Misfortune Cookie` Vulnerability

2014-12-2300:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
93

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.8%

JSON

The remote Allegro RomPager service is vulnerable to the Misfortune Cookie Vulnerability.

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:allegrosoft:rompager";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105154");
  script_cve_id("CVE-2014-9222");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_version("2023-07-27T05:05:08+0000");

  script_name("Allegro RomPager `Misfortune Cookie` Vulnerability");

  script_xref(name:"URL", value:"http://mis.fortunecook.ie/");
  script_xref(name:"URL", value:"http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf");

  script_tag(name:"vuldetect", value:"Send a HTTP GET request with a special crafted cookie and check the response.");

  script_tag(name:"solution", value:"Firmware update is available.");

  script_tag(name:"summary", value:"The remote Allegro RomPager service is vulnerable to the `Misfortune Cookie` Vulnerability.");

  script_tag(name:"affected", value:"RomPager services with versions before 4.34");

  script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
  script_tag(name:"creation_date", value:"2014-12-23 10:22:44 +0100 (Tue, 23 Dec 2014)");
  script_category(ACT_ATTACK);
  script_tag(name:"qod_type", value:"remote_vul");
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_dependencies("gb_allegro_rompager_detect.nasl");
  script_require_ports("Services/www", 7547);
  script_mandatory_keys("allegro/rompager/detected");

  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("host_details.inc");
include("http_keepalive.inc");
include("misc_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! get_app_location( cpe:CPE, port:port, nofork:TRUE ) )
  exit( 0 );

vtstrings = get_vt_strings();
url = '/tr069';
rand = '/' + vtstrings["lowercase_rand"];
cookie = 'C107373883=' + rand;

if( http_vuln_check( port:port, url:url, pattern:rand, extra_check:'was not found on the RomPager', cookie:cookie ) ) {
  report = http_report_vuln_url( port:port, url:url );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

kitploit 1
threatpost 2
checkpoint_advisories 1
seebug 2
nvd 1
prion 1
cve 1
ics 1
canvas 1
metasploit 2
thn 1
cvelist 1
nessus 3
cert 1
packetstorm 1
huawei 1
exploitpack 1
nmap 1
exploitdb 1
kitploit
kitploit
hacklib - Pentesting, Port Scanning, and Logging in anywhere with Python
2016-10-05 14:30:00
threatpost
threatpost
Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety
2018-08-30 13:34:37
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
2017-03-30 14:50:51
checkpoint_advisories
checkpoint_advisories
RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
2014-12-03 00:00:00
seebug
seebug
Allegro v4.34 权限提升漏洞
2015-05-07 00:00:00
Eir’s D1000 Modem Is Wide Open To Being Hacked.
2017-12-28 00:00:00
nvd
nvd
CVE-2014-9222
2014-12-24 18:59:06
prion
prion
Memory corruption
2014-12-24 18:59:00
cve
cve
CVE-2014-9222
2014-12-24 18:59:06
ics
ics
Qualcomm Life Capsule
2018-08-28 12:00:00
canvas
canvas
Immunity Canvas: CVE_2014_9222
2014-12-24 18:59:00
metasploit
metasploit
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
2016-11-13 09:39:26
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
2014-12-19 01:21:26
thn
thn
Router Vulnerability Puts 12 Million Home and Business Routers at Risk
2014-12-19 02:18:00
cvelist
cvelist
CVE-2014-9222
2014-12-24 18:00:00
nessus
nessus
Allegro RomPager 4.07 < 4.34 Multiple Vulnerabilities (Misfortune Cookie)
2015-02-20 00:00:00
Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
2014-12-30 00:00:00
Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
2014-12-24 00:00:00
cert
cert
Multiple broadband routers use vulnerable versions of Allegro RomPager
2014-12-19 00:00:00
packetstorm
packetstorm
RomPager 4.34 Authentication Bypass
2016-04-27 00:00:00
huawei
huawei
Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway
2014-12-19 00:00:00
exploitpack
exploitpack
RomPager 4.34 (Multiple Router Vendors) - Misfortune Cookie Authentication Bypass
2016-04-27 00:00:00
nmap
nmap
http-vuln-misfortune-cookie NSE Script
2015-05-31 18:34:22
exploitdb
exploitdb
RomPager 4.34 (Multiple Router Vendors) - &#039;Misfortune Cookie&#039; Authentication Bypass
2016-04-27 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.8%

JSON
Related for OPENVAS:1361412562310105154
kitploit1threatpost2checkpoint_advisories1seebug2nvd1prion1cve1ics1canvas1metasploit2thn1cvelist1nessus3cert1packetstorm1huawei1exploitpack1nmap1exploitdb1