Summary: Threat actors are exploiting a recently disclosed vulnerability in GFI KerioControl firewalls, allowing for one-click remote code execution (RCE) via HTTP response splitting attacks. This flaw, tracked as CVE-2024-52875, has been deemed high severity due to its potential impact on network security.
Threat Actor: Unknown
Victim: GFI KerioControl users | GFI KerioControl
Key Points:
- The vulnerability allows attackers to perform HTTP response splitting, leading to reflected cross-site scripting (XSS) and RCE.
- Exploitation requires convincing an authenticated administrator to click a malicious URL, triggering a firmware upload that grants root access.
- Approximately 24,000 GFI KerioControl instances are accessible from the internet, with many potentially vulnerable.
- Users are advised to update to version 9.4.5 Patch 1 to mitigate the risk.
Source: https://www.securityweek.com/gfi-keriocontrol-firewall-vulnerability-exploited-in-the-wild/
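
The response-splitting vector described above depends on CR/LF characters reaching a response header through a request parameter, so one detection approach is to scan web or reverse-proxy access logs for percent-encoded line breaks in query strings. The following is an added example, not code from the source article or from GFI; it assumes combined-format access logs are available, and the paths, parameter names and log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

# A literal CR or LF once the query string has been percent-decoded.
_CRLF = re.compile(r"[\r\n]")
# Request line inside a combined-format access log entry (assumed log format).
_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_layers(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %250d%250a is caught too."""
    seen = [value]
    for _ in range(max_rounds):
        decoded = unquote(seen[-1])
        if decoded == seen[-1]:
            break
        seen.append(decoded)
    return seen

def has_crlf_injection(target):
    """True if any decoding layer of the query string contains CR or LF."""
    _, _, query = target.partition("?")
    return any(_CRLF.search(layer) for layer in decode_layers(query))

def flag_lines(log_lines):
    """Return (line_number, request_target) for suspicious entries."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = _REQUEST.search(line)
        if match and has_crlf_injection(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample log lines; paths and parameter names are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /example/page?next=/home HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example/page?next=a%0d%0aX-Injected:%20test HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2025:10:01:00 +0000] "GET /example/page?next=a%250D%250AX-Injected:%2520test HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] "GET /example/page?q=100%25+done HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, target in flag_lines(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit shows only that a request carried an encoded line break; whether the appliance reflected it depends on the installed version, so correlate flagged requests with the patch level and with subsequent administrator activity.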