If our IPS doesn't have the signatures yet, what interim mitigating measures can we undertake?
Misfortune Cookie vulnerability (CVE-2014-9222) affecting the RomPager embedded web server component (versions before 4.34) from AllegroSoft:
This software is embedded in the firmware of millions of residential gateway (SOHO router) devices from many makers and models. Although AllegroSoft fixed the bug in 2005 (RomPager 4.34 and later are not affected), Check Point's research found approximately 12 million readily exploitable, uniquely addressable devices exposed to the internet across 189 countries. That figure was measured by scanning ports 80 (HTTP) and 7547 (TR-069/CWMP) for the vulnerable software. Check Point published a list of suspected-vulnerable residential gateway models for reference (http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf).
The vulnerability allows a remote attacker to execute arbitrary code and take over the device with administrative privileges by sending a single crafted HTTP request (the malformed cookie that gives the bug its name) to the gateway's web service. With administrative access to the gateway, attackers can directly monitor the connections and identifiers of the devices behind it. They can also set the stage for further attacks, such as installing malware on those devices or making persistent configuration changes that bypass the firewall and isolation functions the gateway previously provided, leaving networked devices (e.g. computers, phones, tablets, printers, security cameras) at increased risk of compromise. For example, an attacker could try to reach a home webcam (potentially using default credentials) or extract data from a business NAS backup drive.
Although vulnerable RomPager builds are most prevalent in residential gateways, the same server is also used in other embedded devices, including printers, digital media devices, routers, RAID disk arrays, UPS systems, automated building control systems and remote access servers. According to AllegroSoft's website, major equipment vendors using RomPager include the following.
· Brocade, APC, 3Com, Schneider Electric, Konica Minolta, Kronos, Nortel Networks, Xerox, D-Link Systems, Inc., Intel, Cisco
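Until IPS signatures arrive, the first interim step is knowing which of your own devices expose an affected RomPager build on the two ports named above. The script below is an added example, not code from Check Point or AllegroSoft: it fingerprints HTTP responses for the RomPager version banner and flags anything below 4.34. It assumes (as the widely observed banners suggest) that RomPager announces itself in the Server header as "RomPager/<major>.<minor>"; the three sample responses are constructed for illustration, the host names are hypothetical, and the live probe is only used when hosts are passed on the command line.

```python
"""Inventory check for Misfortune Cookie (CVE-2014-9222): flag RomPager < 4.34.

Added example. Assumption: affected devices send a Server header such as
"Server: RomPager/4.07 UPnP/1.0". A missing or edited banner yields
"not-rompager", so this is a candidate list, not proof of exposure.
"""
import re
import socket
import sys
from typing import Dict, Optional, Tuple

# First fixed release per the advisory; everything older is affected.
FIXED_VERSION: Tuple[int, int] = (4, 34)

# Ports used in the original internet-wide scan: HTTP admin UI and TR-069/CWMP.
DEFAULT_PORTS = (80, 7547)

# Assumed banner format: "Server: RomPager/<major>.<minor> ..." (case-insensitive,
# anchored to the start of a header line so "X-Powered-By: RomPager" would not match).
SERVER_RE = re.compile(r"^Server:\s*RomPager/(\d+)\.(\d+)", re.IGNORECASE | re.MULTILINE)


def parse_rompager_version(response: bytes) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from the Server header of a raw HTTP response, else None."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")  # headers only
    match = SERVER_RE.search(head)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def is_vulnerable_version(version: Tuple[int, int]) -> bool:
    """Tuple comparison handles 4.07 < 4.34 < 4.51 < 5.0 correctly."""
    return version < FIXED_VERSION


def classify(response: bytes) -> str:
    """Map a raw response to 'vulnerable', 'patched' or 'not-rompager'."""
    version = parse_rompager_version(response)
    if version is None:
        return "not-rompager"
    return "vulnerable" if is_vulnerable_version(version) else "patched"


def audit(responses: Dict[str, bytes]) -> Dict[str, str]:
    """Classify a batch of captured responses keyed by device label."""
    return {label: classify(body) for label, body in responses.items()}


def probe(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Fetch the response headers from host:port with a minimal HTTP/1.1 GET."""
    request = (
        f"GET / HTTP/1.1\r\nHost: {host}\r\n"
        "User-Agent: rompager-inventory\r\nConnection: close\r\n\r\n"
    ).encode("ascii")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):  # stop once headers are complete
                break
    return b"".join(chunks)


# Constructed sample responses (not real captures) for offline use.
SAMPLE_RESPONSES: Dict[str, bytes] = {
    "gateway-a": (b"HTTP/1.1 401 Unauthorized\r\nServer: RomPager/4.07 UPnP/1.0\r\n"
                  b"WWW-Authenticate: Basic realm=\"Router\"\r\n\r\n"),
    "gateway-b": (b"HTTP/1.1 200 OK\r\nServer: RomPager/4.51 UPnP/1.0\r\n"
                  b"Content-Type: text/html\r\n\r\n<html></html>"),
    "other-box": b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n",
}


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live mode: python rompager_check.py 192.0.2.1 192.0.2.2
        for host in sys.argv[1:]:
            for port in DEFAULT_PORTS:
                try:
                    print(host, port, classify(probe(host, port)))
                except OSError as exc:
                    print(host, port, f"no-response ({exc})")
    else:
        for label, verdict in audit(SAMPLE_RESPONSES).items():
            print(f"{label}: {verdict}")
```

Run it without arguments to see the constructed samples classified; pass gateway addresses to probe ports 80 and 7547 directly. Treat "not-rompager" as inconclusive rather than safe: firmware builds may strip or rewrite the banner, and the version string does not reveal whether a vendor backported the fix, so a positive hit is a device to quarantine or block at the perimeter, and a miss still warrants checking the model against Check Point's list.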