Critical RCE Vulnerability Found in GFI KerioControl
🛡️🖥️ Critical RCE vulnerability discovered in GFI KerioControl firewalls. A newly identified security flaw, CVE-2024-52875, affects GFI KerioControl versions 9.2.5 to 9.4.5. It is a carriage return line feed (CRLF) injection that permits HTTP response splitting and, through it, cross-site scripting (XSS), and it can be leveraged for remote code execution. Discovered by security researcher Egidio Romano, the flaw has been actively targeted since December 28, 2024, with exploitation attempts originating from multiple IP addresses in Singapore and Hong Kong. GFI released a patch on December 19, 2024, and administrators are urged to apply it promptly: over 23,800 KerioControl instances are exposed on the internet, primarily in Iran, the U.S., and Germany.
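The CRLF injection the note describes, as an added example (not code from the advisory, the researcher, or GFI): a response builder that copies an untrusted value into a header so a CR/LF splits the response, the same builder hardened to reject CR/LF, and a detector that flags percent-encoded CRLF probes in constructed web-server log lines. The paths and addresses are made up.

```python
"""Added example, not from the advisory or GFI's code: CRLF injection in an
HTTP header, its hardened form, and a log-based detector for CRLF probes."""
import re
from urllib.parse import unquote

CRLF_RE = re.compile(r"[\r\n]")


def build_redirect_unsafe(location: str) -> bytes:
    # Vulnerable pattern: the untrusted value is copied straight into the
    # header block, so an embedded CR/LF ends the header and starts a new one.
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode()


def build_redirect_safe(location: str) -> bytes:
    # Hardened form: a header value may never contain CR or LF.
    if CRLF_RE.search(location):
        raise ValueError("CR/LF not allowed in header value")
    return build_redirect_unsafe(location)


def parse_headers(raw: bytes) -> dict:
    # Minimal parser that shows which headers a client would actually see.
    head = raw.split(b"\r\n\r\n", 1)[0].decode()
    lines = head.split("\r\n")[1:]  # drop the status line
    return dict(line.split(": ", 1) for line in lines if ": " in line)


def find_crlf_probes(log_lines: list) -> list:
    # Flags requests whose URL, once percent-decoded, carries CR or LF.
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if m and CRLF_RE.search(unquote(m.group(1))):
            hits.append(line)
    return hits


# Constructed sample log (hypothetical path /app/): the second request
# carries a percent-encoded CRLF followed by a forged header.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Dec/2024:10:00:01 +0000] "GET /app/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Dec/2024:10:00:07 +0000] '
    '"GET /app/?dest=%2f%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(parse_headers(build_redirect_unsafe("/\r\nX-Injected: 1")))
    print(find_crlf_probes(SAMPLE_LOG))
```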
