While everybody was focusing on the Sony hacking incident, a vulnerability affecting over 12 million Internet routers in 189 countries across the globe was announced. At least 200 different device models are vulnerable. The list of vulnerable devices includes products from companies such as ASUS, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
This vulnerability was discovered by researchers from Check Point’s Malware and Vulnerability Research Group, who named it the "Misfortune Cookie vulnerability". It is exploitable due to an error within the HTTP cookie management mechanism in the affected software, which allows an attacker to determine the ‘fortune’ (critical information) of a request by manipulating cookies. Attackers can send specially crafted HTTP cookies that exploit the vulnerability to corrupt memory and alter the application state, which tricks the device’s web server into treating the current session as having administrative privileges.
The actual vulnerability lies in the embedded web server software, RomPager from AllegroSoft. Devices running RomPager versions before 4.34 are vulnerable.
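
To inventory your own devices against that version threshold, you can classify the HTTP `Server` header each device's web interface returns. The sketch below is an added example, not part of the original post; it assumes the banner has the form `RomPager/<major>.<minor>`, and the function names and sample inventory are constructed for illustration.

```python
import re

# Threshold from the post: RomPager versions before 4.34 are vulnerable.
FIXED_VERSION = (4, 34)

# Assumed banner shape: "RomPager/<major>.<minor>", e.g. "RomPager/4.07 UPnP/1.0".
BANNER_RE = re.compile(r"RomPager(?:/(\d+)\.(\d+))?", re.IGNORECASE)

# Constructed sample inventory: "<device address> <Server header value>".
SAMPLE_INVENTORY = """\
192.0.2.1 RomPager/4.07 UPnP/1.0
192.0.2.2 RomPager/4.34
192.0.2.3 RomPager/4.51 UPnP/1.0
192.0.2.4 micro_httpd
192.0.2.5 RomPager
"""


def classify_banner(server_header):
    """Return 'vulnerable', 'not-flagged', 'unknown-version' or 'not-rompager'."""
    match = BANNER_RE.search(server_header or "")
    if match is None:
        return "not-rompager"
    if match.group(1) is None:
        # RomPager is present but the version is missing or malformed.
        return "unknown-version"
    version = (int(match.group(1)), int(match.group(2)))
    return "vulnerable" if version < FIXED_VERSION else "not-flagged"


def audit(inventory_text):
    """Map each device address in the inventory to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, banner = line.partition(" ")
        results[address] = classify_banner(banner)
    return results


def needs_attention(results):
    """Devices to follow up with the vendor: vulnerable or unknown version."""
    return sorted(a for a, s in results.items()
                  if s in ("vulnerable", "unknown-version"))


if __name__ == "__main__":
    for address, status in audit(SAMPLE_INVENTORY).items():
        print(f"{address}\t{status}")
```
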
So what can an attacker do by exploiting this vulnerability? With administrative access to your device, an attacker could take control of your wired and/or wireless network infrastructure. Depending on your gateway device, there may be a risk of man-in-the-middle attacks, a possible attack vector for LAN-side vulnerabilities, and the ability for the attacker to extract useful information from your devices' network connections.
The information extracted from your network also sets the stage for further attacks, such as installing malware on devices and making permanent configuration changes, thus bypassing gateway protections such as the firewall or the network isolation of your local network.
Since this is one of the most widespread vulnerabilities revealed in recent years, how can we mitigate it? There is actually a patch for the vulnerable software: AllegroSoft issued a fixed version to address this “Misfortune Cookie vulnerability” in 2005. It is advisable to check with your device vendor whether patched firmware is already available.
But there is always the common issue of device vendors taking too long to patch their firmware. Even when a patch for the vulnerable software is available, vendors need to integrate it into their device firmware, test that nothing breaks, and then release it, which normally takes a long time.
Another mitigation to consider is deploying an Intrusion Prevention System (IPS) in front of your device. IPS signatures are available for this vulnerability (CVE-2014-9222 and CVE-2014-9223).
Reference:
Misfortune Cookie