Summary: Over 12,000 GFI KerioControl firewalls are vulnerable to a critical remote code execution flaw (CVE-2024-52875) that can be exploited through improperly sanitized user input. Despite the release of a security update, many instances remain exposed, prompting concerns over active exploitation attempts. Users are urged to update to the latest version to mitigate risks.
Affected: GFI KerioControl firewall instances
Keypoints:
- The vulnerability allows one-click remote code execution through improperly sanitized user input.
- Over 23,800 instances were still vulnerable weeks after the initial security patch was released.
- Active exploitation attempts have been detected, targeting admin CSRF tokens.
- Most exposed instances are located in various countries, including the United States, Italy, and Iran.
- It is crucial for users to update to KerioControl version 9.4.5 Patch 2, which includes enhanced security measures.