The Flaw Enables One-Click RCE
A serious vulnerability has been discovered in Kerio Control which, when chained with an older weakness, enables a one-click Remote Code Execution (RCE) attack. The flaw has been present for almost seven years and affects versions from 9.2.5, introduced in 2018, through 9.4.5.
Research by cybersecurity expert Romano has shown that the exploit involves injecting Base64-encoded payloads that manipulate HTTP responses to introduce attacker-chosen headers or content. This opens the door to an HTTP response splitting attack, which can lead to reflected Cross-Site Scripting (XSS) and, from there, remote code execution.
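The mechanism described above is the classic response splitting pattern: a value taken from the request is Base64-decoded and written into a response header without checking for carriage return or line feed characters, so the decoded value can terminate the header line and append headers of its own. The following is an added illustration, not code from Kerio Control or from the research cited here; the parameter name "next", the redirect endpoint and the log lines are constructed assumptions. It shows the unsafe header builder next to a hardened one that rejects CR/LF, and a small detection check that scans access-log entries for Base64 parameters that decode to a line break.

```python
import base64
import binascii
import re

# CR and LF terminate an HTTP header line. If they survive inside a value copied
# from a request, the client parses extra headers (or a body) the server never
# intended to send. That is the HTTP response splitting pattern.
_CRLF = re.compile(r"[\r\n]")


def decode_param(value: str):
    """Decode a Base64 query parameter. Returns None when it is not valid Base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def build_headers_unsafe(target: str):
    """'Before' form: the decoded value is copied straight into a header."""
    return [("Location", target)]


def build_headers_safe(target: str):
    """Hardened form: refuse any value that could break out of its header line."""
    if _CRLF.search(target):
        raise ValueError("header value contains CR or LF")
    return [("Location", target)]


def serialize(headers):
    """Render a header list the way it would go on the wire."""
    return "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n"


def header_line_count(raw: str) -> int:
    """Number of header lines a client would parse from the raw header block."""
    return len([ln for ln in raw.split("\r\n") if ln])


def is_split_attempt(encoded: str) -> bool:
    """Detection check for a WAF rule or log review: does the decoded value carry CR/LF?"""
    decoded = decode_param(encoded)
    return decoded is not None and _CRLF.search(decoded) is not None


# Constructed sample inputs (not real traffic): one ordinary redirect target and
# one whose decoded form carries a CRLF followed by a harmless marker header.
BENIGN_PARAM = base64.b64encode(b"/dashboard").decode()
SPLIT_PARAM = base64.b64encode(b"/dashboard\r\nX-Constructed-Marker: 1").decode()

# Constructed access-log lines; the endpoint and parameter name are assumptions.
SAMPLE_LOG = [
    f'10.0.0.5 - - "GET /redir?next={BENIGN_PARAM} HTTP/1.1" 302',
    f'10.0.0.9 - - "GET /redir?next={SPLIT_PARAM} HTTP/1.1" 302',
]

_NEXT_PARAM = re.compile(r"[?&]next=([A-Za-z0-9+/=]+)")


def flag_log_lines(lines):
    """Return indices of log lines whose 'next' parameter decodes to a CRLF payload."""
    hits = []
    for i, line in enumerate(lines):
        m = _NEXT_PARAM.search(line)
        if m and is_split_attempt(m.group(1)):
            hits.append(i)
    return hits


if __name__ == "__main__":
    for name, param in (("benign", BENIGN_PARAM), ("split", SPLIT_PARAM)):
        target = decode_param(param)
        raw = serialize(build_headers_unsafe(target))
        print(name, "unsafe builder emits header lines:", header_line_count(raw))
        try:
            build_headers_safe(target)
            print(name, "safe builder: accepted")
        except ValueError as err:
            print(name, "safe builder: rejected ->", err)
    print("flagged log lines:", flag_log_lines(SAMPLE_LOG))
```

The unsafe builder turns the second sample into two header lines where one was intended; the hardened builder rejects it outright rather than trying to strip the offending characters, which is the safer choice because encoded or partial line breaks are easy to miss with a blacklist. The log check applies the same decode-then-inspect test to captured requests, which is useful for finding attempts against appliances that cannot be patched immediately.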
The issue has been addressed in the recent patches for versions 9.4.5 Patch1 and Patch2, released on December 19 and January 31, respectively. These updates fix the vulnerability and also provide additional security enhancements. GFI Software has urged system administrators to apply these patches without delay to protect their systems against potential exploitation. GFI Kerio Control is widely used across many sectors, including notable organizations such as McDonald’s and Luxury Motor Yacht Lotus, with hundreds of thousands of active installations worldwide.
Source: www.csoonline.com