By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Tech News

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw

By admin 2 Min Read
Share
SHARE

Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875.

KerioControl is a network security suite that small and medium-sized businesses use for VPNs, bandwidth management, reporting and monitoring, traffic filtering, AV protection, and intrusion prevention.

The flaw in question was discovered in mid-December by security researcher Egidio Romano (EgiX), who demonstrated the potential for dangerous 1-click RCE attacks.

GFI Software released a security update for the problem with version 9.4.5 Patch 1 on December 19, 2024, yet three weeks later, according to Censys, over 23,800 instances remained vulnerable.

Early last month, Greynoise revealed it had detected active exploitation attempts leveraging Romano’s proof-of-concept (PoC) exploit, aimed at stealing admin CSRF tokens.

Despite the warning about active exploitation, threat monitoring service The Shadowserver Foundation now reports seeing 12,229 KerioControl firewalls exposed to attacks leveraging CVE-2024-52875.

Location of exposed instances
<strong>Location of exposed instances</strong><br /><em>Source: The Shadowserver Foundation</em>

Most of these instances are located in Iran, the United States, Italy, Germany, Russia, Kazakhstan, Uzbekistan, France, Brazil, and India.

With the existence of a public PoC for CVE-2024-52875, the requirements for exploitation are low, allowing even unskilled hackers to join the malicious activity.

“User input passed to these pages via the “dest” GET parameter is not properly sanitized before being used to generate a “Location” HTTP header in a 302 HTTP response,” explains Egidio Romano.

“Specifically, the application does not correctly filter/remove linefeed (LF) characters. This can be exploited to perform HTTP Response Splitting attacks, which in turn might allow to carry out Reflected Cross-Site Scripting (XSS) and possibly other attacks.”

“NOTE: the Reflected XSS vector might be abused to perform 1-click Remote Code Execution (RCE) attacks.”

If you haven’t applied the security update yet, it is strongly advised that you install KerioControl version 9.4.5 Patch 2, released on January 31, 2025, which contains additional security enhancements.

You Might Also Like

Top 3 leadership myths debunked

Adds Device Fingerprinting, PNG Steganography Payloads

Your Delivery Robot Is Here

Samsung Galaxy Tab S11 Review: It’s Time For Something New

How the World’s Largest 3D Object Library By Microsoft & NVIDIA

TAGGED: Cybersecurity, Firewall, Kerio Control, RCE, Remote Code Execution, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article Pep insists Man City future is bright as Neville calls for 'full reset'
Next Article Lenovo Yoga Slim 9i (14 Inch, Gen 10) Review: Hidden Webcam
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had
Celebrity
Ghost of Yōtei’s Open World is a Cut Above Its Competition
Gaming News
The best guns in the Black Ops 7 beta in early access
Gaming News
6-story office building to be converted into housing in Denver’s Capitol Hill
Business
Could Trump’s $2,000 tariff rebates for Americans stimulate an altcoin surge?
Crypto
Hegseth announces latest strike on boat near Venezuela he says was trafficking drugs
World News
Top 3 leadership myths debunked
Tech News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had
October 3, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?