Misfortune Cookie is a computer software vulnerability found in the firmware of certain network routers which an attacker can leverage to gain remote access. The vulnerability has been found to affect around 12 million unique devices across 189 countries, earning it a CVSS rating of 9.8.[1] Any device connected to an exposed network could be hijacked by an attacker, who could then monitor a person's Internet connection or steal their credentials as well as personal or business data. They could also attempt to infect the target machines with malware.
Also known as CVE-2014-9222, the bug was first discovered in 2014 by Check Point researchers. It resurfaced in 2018, four years after its public disclosure, this time affecting a completely different set of targets, namely medical devices.[2] When the vulnerability was used in attacks on medical devices, DTS configurations could be tampered with, communications could be spoofed, and information could be stolen from an unsuspecting person.
The combination of its severity, its ease of exploitation, the lack of practically any preconditions and the sheer volume of affected networks makes Misfortune Cookie truly unusual. The vulnerability was so easy to exploit that all an attacker had to do to gain control of a device was to send a single packet to the device's public IP address. The exploitation could be carried out with nothing more than a modern web browser, making it more dangerous than most security vulnerabilities.[1]
In this scenario the attacker sends a crafted HTTP cookie attribute to the web-management portal of the vulnerable system (a network router), where the attacker's content overwrites device memory. The contents of the cookie act as commands which the router then carries out, resulting in arbitrary code execution. The vulnerability was discovered in the early 2000s but did not emerge publicly until 2014, when researchers from the Israeli security firm Check Point made a public disclosure. The vulnerability still persists in over 1 million devices accessible over the Internet, and in about 12 million devices in total, spanning around 200 different router brands.[3]
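Because the attack described above rides on an abnormal Cookie header sent to a router's management interface, a defender can watch for such headers in access logs or proxy captures. The following Python script is an added illustration for this article, not code from Check Point or any router vendor, and it is not a signature for CVE-2014-9222: it applies generic heuristics (an oversized Cookie header, non-printable bytes, or a cookie name that is not a plain token) to constructed sample log lines. The log-line format, the management ports and the length threshold are all assumptions made for the example.

```python
"""Heuristic detector for anomalous HTTP Cookie headers aimed at an embedded
router web-management interface.  Added example for this article; the log
format, thresholds and sample data below are constructed assumptions, not a
published signature for the Misfortune Cookie bug."""

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed thresholds: a legitimate session cookie on an embedded web server
# is short and printable; anything else deserves a closer look.
MAX_COOKIE_LEN = 256
MGMT_PORTS = {80, 443, 8080}  # assumed ports for the router's web portal

# Assumed (constructed) log line format:
#   <src_ip> -> <dst_ip>:<port> <METHOD> <path> cookie="<raw Cookie header>"
LOG_RE = re.compile(
    r'^(?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) '
    r'(?P<method>[A-Z]+) (?P<path>\S+) cookie="(?P<cookie>.*)"$'
)
TOKEN_RE = re.compile(r'[A-Za-z0-9_\-.]+')  # what a sane cookie name looks like


@dataclass
class Finding:
    src: str
    dst: str
    port: int
    reason: str


def parse_cookies(header: str) -> List[Tuple[str, str]]:
    """Split a raw Cookie header into (name, value) pairs, tolerating junk."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value))
    return pairs


def cookie_anomaly(header: str) -> Optional[str]:
    """Return a reason string if the Cookie header looks abnormal, else None."""
    if len(header) > MAX_COOKIE_LEN:
        return f"cookie header is {len(header)} bytes (limit {MAX_COOKIE_LEN})"
    if any(not 0x20 <= ord(c) <= 0x7E for c in header):
        return "cookie header contains non-printable bytes"
    for name, _ in parse_cookies(header):
        if not TOKEN_RE.fullmatch(name):
            return f"cookie name {name!r} is not a plain token"
    return None


def analyze(lines: List[str]) -> List[Finding]:
    """Run the heuristics over log lines, keeping only management-port traffic."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request log line we understand
        port = int(m["port"])
        if port not in MGMT_PORTS:
            continue
        reason = cookie_anomaly(m["cookie"])
        if reason:
            findings.append(Finding(m["src"], m["dst"], port, reason))
    return findings


# Constructed sample log: one normal request, three anomalous ones, and one
# oversized cookie on a non-management port that the filter should ignore.
SAMPLE_LOG = [
    '10.0.0.5 -> 203.0.113.10:80 GET /index.html cookie="sessionid=abc123"',
    '198.51.100.7 -> 203.0.113.10:80 GET / cookie="id=' + "A" * 300 + '"',
    '198.51.100.8 -> 203.0.113.10:80 GET / cookie="id=\x01\x02\x03"',
    '198.51.100.9 -> 203.0.113.10:80 GET / cookie="bad name!=1"',
    '10.0.0.6 -> 203.0.113.10:22 GET / cookie="' + "B" * 400 + '"',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.src} -> {f.dst}:{f.port}: {f.reason}")
```

Running the script reports the three anomalous management-port requests and stays silent on the normal session cookie and on the port-22 line. The heuristics deliberately key on shape rather than on any specific payload, so they also surface other malformed-header probes against embedded web servers; tune `MAX_COOKIE_LEN` to the longest cookie the device's own portal legitimately sets.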
In 2018, the vulnerability again gained attention when the vulnerable firmware was found in medical equipment, where it could potentially enable life-threatening attacks via IoT.[4] ICS-CERT highlighted its severity in an advisory.[5]