The flaw allows one-click RCE
The KerioControl vulnerability, chained with an older vulnerability, can be escalated into a one-click RCE attack that grants root access to the firewall system. The flaw has persisted for nearly seven years, affecting versions 9.2.5 (released in 2018) through 9.4.5.
According to Romano's PoC, the exploit involves injecting Base64-encoded payloads to manipulate HTTP responses and introduce arbitrary headers or malicious content. This enables an HTTP response splitting attack, which in turn can lead to a reflected XSS attack that is then chained into remote code execution.
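To make the response-splitting step concrete, here is an added example; it is not code from the article, from Romano's PoC or from KerioControl itself. It models a hypothetical redirect handler that Base64-decodes an attacker-controlled `dest` parameter and copies it into the `Location` header without filtering, beside a hardened variant, and parses the resulting raw responses to show the injected headers and HTML body. The parameter name, the handler shape and the sample payloads are constructed for illustration.

```python
import base64
import binascii
from typing import Dict, Tuple

# ASCII control characters, including CR (0x0d) and LF (0x0a), which must
# never reach a header value.
CTL = {chr(c) for c in range(0x20)} | {"\x7f"}


def build_redirect_vulnerable(dest_b64: str) -> bytes:
    # Hypothetical vulnerable handler (not KerioControl code): Base64-decode
    # the 'dest' value and interpolate it straight into the Location header.
    # A CR/LF pair in the decoded value terminates the header line, so the
    # attacker appends further headers and a body of their choosing.
    dest = base64.b64decode(dest_b64).decode("latin-1")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {dest}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


class UnsafeRedirect(ValueError):
    """Raised when the decoded redirect target is rejected."""


def build_redirect_hardened(dest_b64: str) -> bytes:
    # Hardened variant: strict Base64, ASCII only, no control characters, and
    # a local absolute path so the same parameter cannot become an open
    # redirect either. Validation happens after decoding, because the
    # Base64 wrapper hides CR/LF from naive pre-decode filters.
    try:
        dest = base64.b64decode(dest_b64, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise UnsafeRedirect("dest is not valid Base64/ASCII") from exc
    if any(ch in CTL for ch in dest):
        raise UnsafeRedirect("control character in redirect target")
    if not dest.startswith("/") or dest.startswith(("//", "/\\")):
        raise UnsafeRedirect("redirect target must be a local path")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {dest}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("ascii")


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    # Minimal HTTP/1.x response parser: splits at the first blank line the
    # way a client would, returning (status line, headers, body).
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def encode_dest(target: str) -> str:
    # Helper for building the 'dest' query value an attacker would send.
    return base64.b64encode(target.encode("latin-1")).decode("ascii")


# Constructed sample inputs: a legitimate redirect and a response-splitting
# payload that injects a text/html body containing a script (reflected XSS).
BENIGN = encode_dest("/dashboard")
SPLITTING = encode_dest(
    "/\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)

if __name__ == "__main__":
    status, headers, body = parse_response(build_redirect_vulnerable(SPLITTING))
    print(status, headers, body[:25])
    try:
        build_redirect_hardened(SPLITTING)
    except UnsafeRedirect as err:
        print("hardened handler rejected payload:", err)
```

Running the vulnerable handler on `SPLITTING` yields a response whose header block now carries an attacker-supplied `Content-Type: text/html` and `Content-Length: 25`, followed by a body that starts with the script; a browser trusting that `Content-Length` renders the injected markup in the firewall's origin, which is the reflected XSS the article describes. The hardened handler rejects the same input before any header is written.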
The flaw was fixed in version 9.4.5 Patch 1 (released on December 19) and 9.4.5 Patch 2 (released on January 31), the latter adding further security enhancements. GFI Software advised admins to apply these patches promptly to protect against these attacks. GFI KerioControl is a popular network security choice for a diverse range of organizations, including McDonald's and Luxury Motor Yacht Lotus, with hundreds of thousands of actively deployed instances globally.