cvelistv5 - CVE-2014-9222

CVE-2014-9222 (GCVE-0-2014-9222)

Vulnerability from cvelistv5 – Published: 2014-12-24 18:00 – Updated: 2024-08-06 13:40

Summary

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://mis.fortunecook.ie/	x_refsource_MISC
	http://www.huawei.com/en/security/psirt/security-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105173	vdb-entryx_refsource_BID
	https://www.allegrosoft.com/allegro-software-urge…	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2014/Dec/87	mailing-listx_refsource_FULLDISC
	http://www.kb.cert.org/vuls/id/561444	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mis.fortunecook.ie/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
          },
          {
            "name": "105173",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105173"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
          },
          {
            "name": "20141219 The Misfortune Cookie Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
          },
          {
            "name": "VU#561444",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/561444"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mis.fortunecook.ie/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
        },
        {
          "name": "105173",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105173"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
        },
        {
          "name": "20141219 The Misfortune Cookie Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
        },
        {
          "name": "VU#561444",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/561444"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mis.fortunecook.ie/",
              "refsource": "MISC",
              "url": "http://mis.fortunecook.ie/"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
            },
            {
              "name": "105173",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105173"
            },
            {
              "name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
              "refsource": "CONFIRM",
              "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
            },
            {
              "name": "20141219 The Misfortune Cookie Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
            },
            {
              "name": "VU#561444",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/561444"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9222",
    "datePublished": "2014-12-24T18:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2024-08-06T13:40:24.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.07\", \"matchCriteriaId\": \"FDBB61DF-D173-4046-B619-C762147742A8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \\\"Misfortune Cookie\\\" vulnerability.\"}, {\"lang\": \"es\", \"value\": \"AllegroSoft RomPager 4.34 y anteriores, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos obtener privilegios a trav\\u00e9s de una cookie modificada que provoca una corrupci\\u00f3n en memoria, tambi\\u00e9n conocido como la vulnerabilidad \u0027Misfortune Cookie\u0027\"}]",
      "id": "CVE-2014-9222",
      "lastModified": "2024-11-21T02:20:25.733",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-12-24T18:59:06.607",
      "references": "[{\"url\": \"http://mis.fortunecook.ie/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Dec/87\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/561444\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/105173\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://mis.fortunecook.ie/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Dec/87\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/561444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/105173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-17\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-9222\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-12-24T18:59:06.607\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \\\"Misfortune Cookie\\\" vulnerability.\"},{\"lang\":\"es\",\"value\":\"AllegroSoft RomPager 4.34 y anteriores, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos obtener privilegios a trav\u00e9s de una cookie modificada que provoca una corrupci\u00f3n en memoria, tambi\u00e9n conocido como la vulnerabilidad \u0027Misfortune Cookie\u0027\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-17\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.07\",\"matchCriteriaId\":\"FDBB61DF-D173-4046-B619-C762147742A8\"}]}]}],\"references\":[{\"url\":\"http://mis.fortunecook.ie/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/87\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/561444\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/105173\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://mis.fortunecook.ie/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/87\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/561444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/105173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2014-AVI-536

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Huawei RomPager. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Huawei HG530 versions antérieures à HG530 V100R001C10B025

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Huawei Huawei-SA-20141219- RomPager du 19 décembre 2014	None	vendor-advisory
Bulletin de sécurité Huawei Huawei-SA-20141219- RomPager du 19 décembre 2014	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHuawei HG530 versions ant\u00e9rieures \u00e0 HG530 V100R001C10B025\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-9222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9222"
    },
    {
      "name": "CVE-2014-9223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9223"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141219- RomPager du    19 d\u00e9cembre 2014",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
    }
  ],
  "reference": "CERTFR-2014-AVI-536",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHuawei RomPager\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Huawei RomPager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141219- RomPager du 19 d\u00e9cembre 2014",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-536

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Huawei HG530 versions antérieures à HG530 V100R001C10B025

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Huawei Huawei-SA-20141219- RomPager du 19 décembre 2014	None	vendor-advisory
Bulletin de sécurité Huawei Huawei-SA-20141219- RomPager du 19 décembre 2014	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHuawei HG530 versions ant\u00e9rieures \u00e0 HG530 V100R001C10B025\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-9222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9222"
    },
    {
      "name": "CVE-2014-9223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9223"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141219- RomPager du    19 d\u00e9cembre 2014",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
    }
  ],
  "reference": "CERTFR-2014-AVI-536",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHuawei RomPager\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Huawei RomPager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141219- RomPager du 19 d\u00e9cembre 2014",
      "url": null
    }
  ]
}

GHSA-528R-899G-3H95

Vulnerability from github – Published: 2022-05-14 03:01 – Updated: 2025-04-12 12:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-9222"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-12-24T18:59:00Z",
    "severity": "HIGH"
  },
  "details": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability.",
  "id": "GHSA-528r-899g-3h95",
  "modified": "2025-04-12T12:43:23Z",
  "published": "2022-05-14T03:01:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9222"
    },
    {
      "type": "WEB",
      "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
    },
    {
      "type": "WEB",
      "url": "http://mis.fortunecook.ie"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/561444"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

ICSMA-18-240-01

Vulnerability from csaf_cisa - Published: 2018-08-28 00:00 - Updated: 2018-08-28 00:00

Summary

ICSMA-18-240-01_Qualcomm Life Capsule

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

Elad Luz of CyberMDX reported this vulnerability to NCCIC.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Elad Luz"
        ],
        "organization": "CyberMDX",
        "summary": "reporting this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "Elad Luz of CyberMDX reported this vulnerability to NCCIC.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-240-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-240-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-240-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-240-01"
      }
    ],
    "title": "ICSMA-18-240-01_Qualcomm Life Capsule",
    "tracking": {
      "current_release_date": "2018-08-28T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-18-240-01",
      "initial_release_date": "2018-08-28T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-08-28T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-18-240-01 Qualcomm Life Capsule "
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 4.01 | \u003c= 4.34",
                "product": {
                  "name": "Allegro RomPager embedded web server: versions 4.01 through 4.34 included in Capsule DTS all versions affected",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Allegro RomPager embedded web server"
          }
        ],
        "category": "vendor",
        "name": "Qualcomm Life"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-9222",
      "cwe": {
        "id": "CWE-668",
        "name": "Exposure of Resource to Wrong Sphere"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability allows an attacker to send a specially crafted HTTP cookie to the web management portal to write arbitrary data to the device memory, which may allow remote code execution.CVE-2014-9222 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "https://customers.capsuletech.com",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://customers.capsuletech.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2014-9222"
    }
  ]
}

FKIE_CVE-2014-9222

Vulnerability from fkie_nvd - Published: 2014-12-24 18:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://mis.fortunecook.ie/	Technical Description, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2014/Dec/87	Mailing List, Third Party Advisory
cve@mitre.org	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/561444	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/105173
cve@mitre.org	https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://mis.fortunecook.ie/	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Dec/87	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/561444	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105173
af854a3a-2127-422b-91ae-364da2661108	https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	allegrosoft	rompager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBB61DF-D173-4046-B619-C762147742A8",
              "versionEndIncluding": "4.07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
    },
    {
      "lang": "es",
      "value": "AllegroSoft RomPager 4.34 y anteriores, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos obtener privilegios a trav\u00e9s de una cookie modificada que provoca una corrupci\u00f3n en memoria, tambi\u00e9n conocido como la vulnerabilidad \u0027Misfortune Cookie\u0027"
    }
  ],
  "id": "CVE-2014-9222",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-24T18:59:06.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://mis.fortunecook.ie/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/561444"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/105173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://mis.fortunecook.ie/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/561444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/105173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-9222

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-9222

Aliases

CVE-2014-9222

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-9222",
    "description": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability.",
    "id": "GSD-2014-9222"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-9222"
      ],
      "details": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability.",
      "id": "GSD-2014-9222",
      "modified": "2023-12-13T01:22:48.230789Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-9222",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://mis.fortunecook.ie/",
            "refsource": "MISC",
            "url": "http://mis.fortunecook.ie/"
          },
          {
            "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
          },
          {
            "name": "105173",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105173"
          },
          {
            "name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
            "refsource": "CONFIRM",
            "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
          },
          {
            "name": "20141219 The Misfortune Cookie Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
          },
          {
            "name": "VU#561444",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/561444"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.07",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9222"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-17"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mis.fortunecook.ie/",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "http://mis.fortunecook.ie/"
            },
            {
              "name": "20141219 The Misfortune Cookie Vulnerability",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Dec/87"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
            },
            {
              "name": "VU#561444",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/561444"
            },
            {
              "name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
            },
            {
              "name": "105173",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/105173"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-08-31T10:29Z",
      "publishedDate": "2014-12-24T18:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-9222 (GCVE-0-2014-9222)

CERTFR-2014-AVI-536

Solution

CERTFR-2014-AVI-536

Solution

GHSA-528R-899G-3H95

ICSMA-18-240-01

FKIE_CVE-2014-9222

GSD-2014-9222

Tags

Sightings

Nomenclature