Vulnerability Description
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gfi | Kerio Control | >= 9.2.5, <= 9.4.5 |
Related Weaknesses (CWE)
References
- https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875ExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2024/Dec/15ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2024-52875?
CVE-2024-52875 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not...
How severe is CVE-2024-52875?
CVE-2024-52875 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-52875?
Check the references section above for vendor advisories and patch information. Affected products include: Gfi Kerio Control.