The flaw enables one-click RCE: chained with an older vulnerability, the Kerio Control flaw can be escalated into a one-click remote code execution attack that grants root access to the firewall. The bug has persisted for nearly seven years, affecting versions from 9.2.5 (released in 2018) through 9.4.5.

According to Romano's PoC, the exploit injects Base64-encoded payloads that, once decoded by the server, let the attacker manipulate the HTTP response and introduce arbitrary headers or malicious content. That is an HTTP response splitting attack, which in turn enables a reflected XSS attack; the single click by a victim on the crafted link is what ultimately leads to remote code execution.

The flaw was fixed in version 9.4.5 Patch 1 (released December 19, 2024) and in 9.4.5 Patch 2 (released January 31, 2025), the latter carrying additional security enhancements. GFI Software advised administrators to apply these patches promptly to protect against these attacks.

GFI KerioControl is a widely used network security product, deployed by a diverse range of organizations including McDonald's and Luxury Motor Yacht Lotus, with hundreds of thousands of instances active worldwide.
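To make the response splitting step concrete, here is an added, constructed illustration of the bug class the article describes; it is not Kerio's code and not Romano's PoC. It assumes a hypothetical redirect handler that base64-decodes a user-controlled `dest` parameter into a Location header. The vulnerable version copies the decoded bytes verbatim, so an attacker-supplied CR/LF sequence terminates the header and lets the attacker append headers and an HTML body of their own (the reflected XSS vector). The hardened version uses strict base64 decoding and rejects any control character after decoding.

```python
import base64
import re

# Constructed example: a hypothetical redirect handler that base64-decodes a
# user-controlled "dest" parameter into a Location header. The parameter name,
# the handler and the payload are assumptions for illustration only; this is
# not the vendor's code or the published proof of concept.

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
BAD_REQUEST = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def _redirect(dest: str) -> bytes:
    """Serialise a 302 response whose Location header carries `dest`."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {dest}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_vulnerable(dest_b64: str) -> bytes:
    """Vulnerable: the decoded value lands in the Location header verbatim,
    so CR/LF inside it splits the response."""
    dest = base64.b64decode(dest_b64).decode("latin-1")
    return _redirect(dest)


def build_redirect_fixed(dest_b64: str) -> bytes:
    """Hardened: strict base64 (reject stray characters), then reject any
    control character (CR, LF, NUL, ...) in the decoded value."""
    try:
        dest = base64.b64decode(dest_b64, validate=True).decode("latin-1")
    except (ValueError, UnicodeDecodeError):
        return BAD_REQUEST
    if CONTROL_CHARS.search(dest):
        return BAD_REQUEST
    return _redirect(dest)


def encode_dest(dest: str) -> str:
    """Client side: encode a destination the way the handler expects it."""
    return base64.b64encode(dest.encode("latin-1")).decode("ascii")


def make_splitting_payload(html: str) -> str:
    """Attacker side: a 'destination' that closes the Location header, adds
    headers of its own and supplies a body the browser will render as HTML."""
    body = html.encode("latin-1")
    injected = (
        "/\r\n"
        "Content-Type: text/html\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("latin-1") + body
    return base64.b64encode(injected).decode("ascii")


def parse_response(raw: bytes):
    """Minimal client-side parse: status line, first value of each header, and
    the body truncated to the first Content-Length. This mirrors how a browser
    treats the split response: the attacker's headers and body win, and the
    server's trailing 'Content-Length: 0' is ignored as body bytes."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    length = int(headers.get("content-length", "0"))
    return status, headers, rest[:length].decode("latin-1")


if __name__ == "__main__":
    script = "<script>alert(document.domain)</script>"
    payload = make_splitting_payload(script)
    # Vulnerable handler: the parsed response carries the injected HTML body.
    print(parse_response(build_redirect_vulnerable(payload)))
    # Hardened handler: the same payload is refused outright.
    print(build_redirect_fixed(payload))
```

The fix rejects rather than strips control characters: silently removing CR/LF can leave a value that still decodes to something unexpected, and a 400 also gives defenders a log line to alert on. Any other place a decoded value reaches a header (Set-Cookie, Content-Disposition) needs the same check.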
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3821872/over-12000-keriocontrol-firewalls-remain-prone-to-rce-attack-amid-active-exploits.html