A critical vulnerability in Kerio Control, a popular firewall and Unified Threat Management (UTM) product, has been discovered that could allow attackers to execute remote code with a single click.
The flaw, identified as CVE-2024-52875, affects versions 9.2.5 through 9.4.5 of the software, potentially impacting thousands of installations worldwide.
Security researcher Egidio Romano uncovered multiple HTTP Response Splitting vulnerabilities in Kerio Control, which can be exploited to perform Open Redirect and HTTP Response Splitting attacks. These, in turn, could lead to Reflected Cross-Site Scripting (XSS) and potentially more severe consequences.
The vulnerabilities are present in several pages of the Kerio Control interface, including /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. The root cause is improper sanitization of user input passed via the “dest” GET parameter, which is then used to generate a “Location” HTTP header in a 302 HTTP response.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
Kerio 1-click Remote Code Execution (RCE)
Initially thought to be of low severity due to the required user interaction, further analysis revealed that these vulnerabilities could be leveraged to achieve 1-click Remote Code Execution (RCE) by exploiting a nine-year-old vulnerability.
This discovery prompted the researcher to reclassify the issue as high severity, with a CVSS score of 8.8.
The potential impact of this vulnerability is significant. Successful exploitation could allow an attacker to gain a root shell on the firewall, effectively compromising the entire network security infrastructure.
This is particularly concerning given that Kerio Control is designed to be a frontline defense against cyber threats, the researcher said.
GFI Software, the company behind Kerio Control, has been notified of the vulnerability. As of now, there is no information available about a patch or mitigation strategies.
Users and administrators of Kerio Control systems are advised to monitor for official updates and take precautionary measures to protect their networks.
This incident highlights the importance of continuous security testing and prompt patching, even for products specifically designed for security purposes.
It also serves as a reminder that vulnerabilities can persist for years if not properly addressed, potentially leaving systems exposed to sophisticated attacks.
Organizations using Kerio Control are urged to assess their risk exposure and implement additional security layers while awaiting an official fix from GFI Software.
As the situation develops, it is crucial for IT security teams to stay vigilant and prepared to respond swiftly to any potential exploitation attempts of this vulnerability.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!