Kerio Control Firewall Vulnerability Allows 1-Click Remote Code Execution

A critical vulnerability in Kerio Control, a popular firewall and Unified Threat Management (UTM) product, has been discovered that could allow attackers to execute remote code with a single click.

The flaw, identified as CVE-2024-52875, affects versions 9.2.5 through 9.4.5 of the software, potentially impacting thousands of installations worldwide.

Security researcher Egidio Romano uncovered multiple HTTP Response Splitting vulnerabilities in Kerio Control, which can be exploited to perform Open Redirect and HTTP Response Splitting attacks. These, in turn, could lead to Reflected Cross-Site Scripting (XSS) and potentially more severe consequences.


The vulnerabilities are present in several pages of the Kerio Control interface, including /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. The root cause is improper sanitization of user input passed via the “dest” GET parameter, which is then used to generate a “Location” HTTP header in a 302 HTTP response.
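To illustrate the root cause described above, here is an added example (not Kerio's code and not the researcher's) that builds a 302 redirect from a "dest" parameter the unsafe way and the hardened way; the sample "dest" values are constructed for the demonstration, and the hardened version rejects control characters (so the header cannot be split) and accepts only same-origin absolute paths (so the redirect cannot be turned into an open redirect).

```python
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the advisory): a benign relative
# path, and one carrying CR/LF as in the "dest" handling the article describes.
BENIGN_DEST = "/nonauth/guestConfirm.cs?id=42"
SPLIT_DEST = "/index.html\r\nX-Injected: 1\r\n\r\n<html>injected</html>"


def vulnerable_redirect(dest: str) -> str:
    """Unsanitized: echoes 'dest' straight into the Location header."""
    return "HTTP/1.1 302 Found\r\nLocation: " + dest + "\r\n\r\n"


def safe_redirect_target(dest: str, default: str = "/") -> str:
    """Return a value that is safe to place in a Location header.

    - any control character (CR, LF, NUL, DEL, ...) -> fall back to 'default',
      which removes the response-splitting vector entirely;
    - anything with a scheme or host, or a '//' / '/\\' prefix that browsers
      treat as host-relative -> fall back to 'default' (no open redirect);
    - otherwise the same-origin absolute path is returned unchanged.
    """
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in dest):
        return default
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc:
        return default
    if not dest.startswith("/") or dest.startswith(("//", "/\\")):
        return default
    return dest


def safe_redirect(dest: str) -> str:
    """Hardened form: the Location header is built only from a vetted target."""
    return "HTTP/1.1 302 Found\r\nLocation: " + safe_redirect_target(dest) + "\r\n\r\n"


def header_count(response: str) -> int:
    """Number of header lines before the first blank line (status line excluded).

    More than one header here means the single Location header was split.
    """
    head = response.split("\r\n\r\n", 1)[0]
    return len(head.split("\r\n")) - 1
```

Running `header_count` over both responses for `SPLIT_DEST` shows the unsafe builder emitting an extra attacker-controlled header while the hardened builder emits exactly one.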


Kerio 1-click Remote Code Execution (RCE)

The vulnerabilities were initially thought to be of low severity because they require user interaction, but further analysis revealed that they could be chained with a nine-year-old vulnerability to achieve 1-click Remote Code Execution (RCE).

This discovery prompted the researcher to reclassify the issue as high severity, with a CVSS score of 8.8.

Kerio Vulnerability

The potential impact of this vulnerability is significant. Successful exploitation could allow an attacker to gain a root shell on the firewall, effectively compromising the entire network security infrastructure.

This is particularly concerning given that Kerio Control is designed to be a frontline defense against cyber threats, the researcher said.

GFI released a fix on December 19, 2024, to address the vulnerability. Users are urged to update to Version 9.4.5 Patch 2.

Users and administrators of Kerio Control systems are advised to monitor for official updates and take precautionary measures to protect their networks.

Organizations using Kerio Control are urged to apply the official fix from GFI Software.


Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.