Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)

critical Nessus Plugin ID 80304

VPR Score: 7.4

Synopsis

The remote host is affected by multiple remote code execution vulnerabilities.

Description

Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities:

- A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative privileges and to possibly conduct attacks against connected devices. (CVE-2014-9222)

- A digest authentication buffer overflow flaw exists that allows a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-9223)

Solution

Contact the vendor for an updated firmware image. Allegro addressed both issues in mid-2005 with RomPager version 4.34.

See Also

http://www.nessus.org/u?22cba06d

http://www.nessus.org/u?bb698969

http://www.nessus.org/u?2647cb4a

http://www.nessus.org/u?946b7793

Plugin Details

Severity: Critical

ID: 80304

File Name: allegro_software_rompager_misfortune_cookie.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 12/30/2014

Updated: 11/15/2018

Dependencies: 10107

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/1/2005

Vulnerability Publication Date: 12/18/2014

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2014-9222, CVE-2014-9223

BID: 71756, 71744

CERT: 561444