Ορολογία της Ημέρας (T.O.D) – 27/1/2017 [Misfortune Cookie]

Misfortune Cookie is a firmware vulnerability in many older routers.

Once the embedded software running the device is exploited, the attacker can gain administrative privileges and use the device to gather data, steal credentials or upload malicious files to networked devices.

When the flaw was discovered in late 2014, it had already been in existence for a decade. The source of the issue is an error in the HTTP cookie-management mechanism in the device software. All the attacker has to do is send a single packet containing a malicious HTTP cookie to begin an exploit.

Lior Oppenheim, a researcher for network and endpoint security vendor Check Point Software Technologies Ltd., discovered the flaw, officially known as CVE-2014-9222. According to Check Point, the vulnerability affects over 12 million affected devices in 200 different models.

Although there have not yet been any documented Misfortune Cookie router attacks, Check Point is publicizing the vulnerability as a wake-up call for small office and home (SOHO) networks and the embedded device industry.

Check Point provides a list of suspected vulnerable routers on their website.

My Many Thanks to TechTarget.com

IV

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s