CVE-2024-52875
In short
GFI Kerio Control has a flaw where user input in the 'dest' parameter isn't properly checked before being used in redirect responses, allowing attackers to redirect users to malicious websites or inject harmful content into web pages.
Technical detail
The vulnerability exists in the /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs endpoints, where the 'dest' GET parameter is insufficiently sanitized before being embedded in a Location HTTP header (CWE-113, HTTP response splitting). This enables open redirect and HTTP response splitting attacks that lead to reflected XSS; further escalation to remote code execution is possible by leveraging the upgrade feature of the admin interface.
Summary generated and translated by AI from the official description.
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
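The defensive side of the flaw described above, as an added example that is not Kerio's code: a hypothetical validator for a `dest` parameter that refuses header-breaking control characters (CWE-113) and off-site destinations, plus a small detector that flags requests to the three affected pages whose `dest` value carries an encoded CR/LF or an absolute URL. The log lines are constructed, and the validator assumes it receives the already URL-decoded value, as a web framework would hand it over.

```python
import re
from urllib.parse import urlsplit

# Hypothetical validator for a 'dest' parameter (added example, not Kerio's code).
# It expects the already URL-decoded value, as a web framework would pass it.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")  # CR/LF and other header-breaking bytes

def safe_redirect_target(dest: str, default: str = "/") -> str:
    """Return a value safe to place in a Location header, or `default`.

    CWE-113: a control character would end the header line, so it is refused.
    Open redirect: only same-site, absolute-path destinations are accepted."""
    if not dest or _CTRL.search(dest):
        return default
    if dest.startswith(("//", "/\\")):
        return default  # protocol-relative or backslash forms resolve off-site
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc or not dest.startswith("/"):
        return default  # absolute URL, javascript:, or a page-relative path
    return dest

# Detection side: flag requests to the three affected pages whose raw 'dest'
# carries an encoded CR/LF or an absolute URL. Log lines below are constructed.
AFFECTED = ("/nonauth/addCertException.cs", "/nonauth/guestConfirm.cs",
            "/nonauth/expiration.cs")
_DEST = re.compile(r"[?&]dest=([^&\s\"]*)", re.I)
_BAD = re.compile(r"%0[da]|^(https?(%3a|:)|//)", re.I)

def suspicious_dest_requests(log_lines):
    hits = []
    for line in log_lines:
        if any(page in line for page in AFFECTED):
            m = _DEST.search(line)
            if m and _BAD.search(m.group(1)):
                hits.append(line)
    return hits

SAMPLE_LOG = [  # constructed access-log lines
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /nonauth/expiration.cs?dest=/nonauth/login.cs HTTP/1.1" 302 -',
    '10.0.0.7 - - [01/Jan/2025:10:00:01 +0000] "GET /nonauth/addCertException.cs?dest=https://redirect.example/ HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /nonauth/guestConfirm.cs?dest=/x%0d%0aSet-Cookie:%20a=b HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /login.cs?dest=https://redirect.example/ HTTP/1.1" 200 -',
]

if __name__ == "__main__":
    for hit in suspicious_dest_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The last sample line is deliberately not flagged: the same `dest` value on a page outside the affected set is out of scope for this particular advisory, so the detector stays tied to the endpoints the page names.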
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
GFI · Kerio Control