Vulnerability Details : CVE-2014-9222
Public exploit exists!
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Vulnerability category: Memory Corruption
Threat overview for CVE-2014-9222
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2014-9222: 1,157
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-9222
Probability of exploitation activity in the next 30 days: 97.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2014-9222
- Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
  Disclosure Date: 2014-12-17
  First seen: 2020-04-26
  auxiliary/admin/http/allegro_rompager_auth_bypass
  This module exploits HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without provid
- Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
  Disclosure Date: 2014-12-17
  First seen: 2020-04-26
  auxiliary/scanner/http/allegro_rompager_misfortune_cookie
  This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing val
CVSS scores for CVE-2014-9222
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-9222
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9222
- http://mis.fortunecook.ie/
  Misfortune Cookie by Check Point (Technical Description; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Dec/87
  Full Disclosure: The Misfortune Cookie Vulnerability (Mailing List; Third Party Advisory)
- https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html
  "Misfortune Cookie" - Allegro Software Urges Manufacturers To Maintain Device Security - Allegro Software Development Corporation - Secure Software for the Internet of Things (Third Party Advisory)
- http://www.securityfocus.com/bid/105173
  Qualcomm Life Multiple Products CVE-2014-9222 Remote Code Execution Vulnerability
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm
  Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/561444
  VU#561444 - Multiple broadband routers use vulnerable versions of Allegro RomPager (Third Party Advisory; US Government Resource)
Products affected by CVE-2014-9222
- cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*