Threat actors are exploiting a recent GFI KerioControl firewall vulnerability that leads to remote code execution.
January 9, 2025 By Ionut Arghire
Threat actors are exploiting a recently disclosed GFI KerioControl firewall vulnerability that leads to one-click remote code execution (RCE), threat intelligence firm GreyNoise warns.
GFI KerioControl is a network security solution that provides firewall functionality and unified threat management capabilities, including threat detection and blocking, traffic control, intrusion prevention, and VPN features.
The exploited issue, tracked as CVE-2024-52875 and patched on December 19, is a CRLF injection flaw that can be exploited to perform HTTP response splitting attacks, leading to reflected cross-site scripting (XSS).
According to security researcher Egidio Romano, who published a detailed technical writeup of the vulnerability on December 16, the reflected XSS attack vector can be exploited to perform one-click RCE attacks.
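For defenders reviewing web or proxy logs, the CRLF injection class described above can be hunted by decoding each request's query string and checking for carriage return or line feed characters. The following is an added example, not code from GreyNoise, GFI, or the researcher's writeup; the log lines, paths, and parameter names are constructed placeholders and do not reflect KerioControl's real endpoints.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines; paths and parameter names are
# placeholders, not KerioControl's real endpoints.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jan/2025:10:00:01 +0000] "GET /placeholder/page?next=/home HTTP/1.1" 302 0',
    '203.0.113.9 - - [09/Jan/2025:10:00:07 +0000] "GET /placeholder/page?next=x%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
    '203.0.113.9 - - [09/Jan/2025:10:00:09 +0000] "GET /placeholder/page?next=x%250D%250AX-Injected:%201 HTTP/1.1" 302 0',
    '198.51.100.2 - - [09/Jan/2025:10:01:00 +0000] "GET /placeholder/other?q=100%25 HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # also catches double and triple percent-encoding


def has_crlf(value: str) -> bool:
    """True if value contains CR or LF, raw or after repeated URL-decoding."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            return False
        value = decoded
    return False


def flag_crlf_requests(lines):
    """Return (line_index, request_target) for requests whose query carries CR/LF."""
    hits = []
    for i, line in enumerate(lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        target = m.group("target")
        query = urlsplit(target).query
        if query and has_crlf(query):
            hits.append((i, target))
    return hits


if __name__ == "__main__":
    for idx, target in flag_crlf_requests(SAMPLE_LOG):
        print(f"line {idx}: possible CRLF injection in {target}")
```

A hit only shows that a request carried encoded line breaks; whether the response was actually split depends on how the server builds its headers.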