Allegro RomPager 4.07 < 4.34 Multiple Vulnerabilities (Misfortune Cookie)
Critical Nessus Network Monitor Plugin ID 8614
Synopsis
According to its banner, the remote host is running an embedded web server which may be vulnerable to multiple attack vectors.
Description
The remote host is running RomPager, an embedded web server most often used to provide web administration capabilities for networked printers, network switches, and other devices.
RomPager versions 4.07 and later, prior to 4.34, are potentially affected by multiple issues:
- A buffer overflow vulnerability exists because the RomPager web server fails to perform adequate bounds checks on user-supplied input. Attackers can exploit this issue to execute arbitrary code with the privileged access of RomPager. (CVE-2014-9223)
- A security bypass vulnerability exists due to an error within the HTTP cookie management mechanism (aka the 'Misfortune Cookie' issue), which could allow any user to determine the 'fortune' of a request by manipulating cookies. An attacker can exploit this issue to corrupt memory and alter the application state by sending specially crafted HTTP cookies. This could be exploited to gain administrative privileges for the current session by tricking the attacked device. (CVE-2014-9222)
Note: The 'Misfortune Cookie' vulnerability only applies if the cookie feature has been enabled on the RomPager server. Furthermore, some sources indicate that these vulnerabilities can be patched without changing the self-reported RomPager version in the banner.
Solution
Contact the vendor for an updated firmware image. Allegro addressed both issues in mid-2005 with RomPager version 4.34.
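An added example (not part of the plugin or of Tenable's code) of the banner-based check described above: it sorts Server headers from an asset inventory by the version range given on this page. The sample headers and addresses are constructed, and the function names and result labels are hypothetical; because the banner may not change after patching, a match is only a candidate for firmware verification with the vendor.

```python
import re

# Range stated on this page: 4.07 up to, but not including, 4.34.
AFFECTED_MIN = (4, 7)
FIXED_IN = (4, 34)

# Matches the product token in a Server header, e.g. "RomPager/4.07 UPnP/1.0".
_BANNER_RE = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def parse_rompager_version(server_header):
    """Return (major, minor) from a Server header, or None if not RomPager."""
    m = _BANNER_RE.search(server_header or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(server_header):
    """Label a banner; hypothetical labels used only in this example."""
    version = parse_rompager_version(server_header)
    if version is None:
        return "not-rompager"
    if version < AFFECTED_MIN:
        return "outside-plugin-range"
    if version < FIXED_IN:
        # Banner alone cannot confirm exposure: patched firmware may still
        # report the old version, so treat this as "verify with vendor".
        return "potentially-affected"
    return "fixed-by-version"


def triage(inventory):
    """Group (host, server_header) pairs by classification label."""
    groups = {}
    for host, header in inventory:
        groups.setdefault(classify(header), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory (documentation address range).
    sample = [
        ("192.0.2.10", "RomPager/4.07 UPnP/1.0"),
        ("192.0.2.11", "Allegro-Software-RomPager/4.34"),
        ("192.0.2.12", "RomPager/4.51 UPnP/1.0"),
        ("192.0.2.13", "nginx"),
    ]
    for label, hosts in sorted(triage(sample).items()):
        print(f"{label}: {', '.join(hosts)}")
```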