Detections
Analytics

Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)

critical Nessus Plugin ID 80304

Language:

Synopsis

The remote host is affected by multiple remote code execution vulnerabilities.

Description

Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities :

 - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative privileges and to possibly conduct attacks against connected devices.
 (CVE-2014-9222)

 - A digest authentication buffer overflow flaw exists that allows a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-9223)

Solution

Contact the vendor for an updated firmware image. Allegro addressed both issues in mid-2005 with RomPager version 4.34.

See Also

http://www.nessus.org/u?bb698969

http://www.nessus.org/u?2647cb4a

http://www.nessus.org/u?946b7793

http://www.nessus.org/u?22cba06d

Plugin Details

Severity: Critical

ID: 80304

File Name: allegro_software_rompager_misfortune_cookie.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 12/30/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:allegrosoft:rompager

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/1/2005

Vulnerability Publication Date: 12/18/2014

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2014-9222, CVE-2014-9223

BID: 71744, 71756

CERT: 561444