A critical vulnerability existed within the Kerio Management safety software program that might permit code execution assaults. The vulnerability existed within the platform for a number of years, affecting a number of variations. Customers ought to apply the safety fixes on the earliest to stop potential threats.
Kerio Management Vulnerability Might Enable Code Execution
Safety researcher Egidio Romano found a critical safety subject within the Kerio Management software program. KerioControl is a devoted Unified Menace Administration (UTM) answer from GFI Software program that helps companies safe their inner networks.
As defined in his put up, the safety answer had quite a few vulnerabilities that might permit arbitrary code execution. Recognized as CVE-2024-52875, these vulnerabilities affected the software program variations 9.2.5 by means of 9.4.5, hinting on the sheer variety of customers probably in danger. Since model 9.2.5 was first launched in 2018, the software program was riddled with these vulnerabilities for roughly six years.
Particularly, the researcher found a number of HTTP Response Splitting vulnerabilities affecting no less than the next pages,
- /nonauth/addCertException.cs
- /nonauth/guestConfirm.cs
- /nonauth/expiration.cs
The issues existed on account of improper sanitization of person enter handed by way of the “dest” GET parameter earlier than producing a “Location” HTTP header in a 302 HTTP response. The app’s lack of sanitization for linefeed (LF) characters consequently permits performing Open Redirect, HTTP Response Splitting and Mirrored XSS assaults. In worst situations, an adversary could even acquire arbitrary code execution on the goal techniques. In his put up, the researcher has introduced an in depth technical evaluation of those exploits.
Following this discovery, Romano shortly pinged the distributors to handle the matter. Whereas the vulnerability initially appeared a low-severity subject, Romano acknowledged its excessive severity, contemplating how the issues might be chained for 1-click RCE assaults and to realize root entry to the firewall. An adversary may entry the goal group’s inner community construction.
In response to his report, the distributors patched the vulnerability with KerioControl 9.4.5p1, as confirmed to the researcher. This up to date launch will quickly attain the shoppers to patch weak techniques. Till then, customers could contemplate making use of mitigations, similar to proscribing software program entry to trusted networks and admins, implementing strict enter validation to stop CRLF injection, and guaranteeing thorough worker consciousness concerning the flaw.
Tell us your ideas within the feedback.
