Grounds we enable one click RCE
Kerio Control at risk, in partnership with the old risk, can allow the problem to one rhera attack, has provided root access to the firewall system. Error persistently opens on seven years, affects versions 9.2.5 (released in 2018) to 9.4.5.
According to Romano’s POC, exploit will include injecting base64-encode combined to deceive http responses and present the arguments of arguments or malicious content. This may allow classification of the HTTP response, with it, it can result in the revenue of the XSS displayed in the execution of the remote code.
The error was configured in translations 9.4.5 Patch1 (issued in December 19), and 9.4.5. Patch2 (released on January 31) For additional security enhancements. GFFI software advises Admins to use the islands immediately to protect the attack. GFI Kerioocoltrol is a popular network security system in the nature of various organizations, including MCDONALD’s and motor Yotus, with hundreds of thousands of operations worldwide.
Source link