Vulnerability Exploits

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Latest News on KerioControl Firewall CSRF Vulnerability and CSRF Token Theft

Summary:
Hackers are exploiting a critical CRLF injection vulnerability (CVE-2024-52875) in KerioControl, a firewall solution, to steal admin CSRF tokens, leading to potential 1-click remote code execution (RCE) attacks1.

Detailed Context:

Vulnerability Details:
- CVE-2024-52875: This is a critical CRLF injection vulnerability that allows attackers to inject malicious headers, potentially leading to RCE attacks1.
- Affected Versions: All versions of KerioControl up to 9.4.5 are affected1 2.
Exploit Analysis:
- Exploit Attempts: Observations indicate that exploit attempts began on December 28, 2024, with ongoing attempts to exploit this vulnerability5.
- Impact: The vulnerability allows attackers to steal admin CSRF tokens, which can be used for unauthorized access and potentially for RCE attacks1.
Recommendations:
- Patch Installation: Users are advised to update their KerioControl installations to the latest version to mitigate this vulnerability1.
- Security Measures: Implementing robust security measures, such as regular updates and monitoring for suspicious activity, is crucial to prevent exploitation of this vulnerability1.

Additional Context

Other Security Issues:
- GFI Kerio Control Multiple HTTP Response Splitting Vulnerabilities: Additionally, GFI Kerio Control has multiple HTTP response splitting vulnerabilities affecting versions from 9.2.5 to 9.4.52.
- IBM Navigator for i SSRF Vulnerability: Another vulnerability was identified in IBM Navigator for i, which supports the vast majority of tasks for administering IBM i systems, involving a Server-Side Request Forgery (SSRF) issue (CVE-2024-51463)2.

Trustworthy Citations

1 BleepingComputer: "Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens"
2 SecLists.Org: "Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip."
5 Infosec Exchange: "Our friends at Censys released an advisory regarding Kerio CVE-2024-52875."

These sources provide comprehensive and reliable information on the latest news regarding the KerioControl firewall CSRF vulnerability and CSRF token theft in 2024.

Unpatched critical flaws impact Fancy Product Designer WordPress plugin

Latest News on Fancy Product Designer WordPress Vulnerabilities Critical Flaws in Fancy Product Designer Plugin: The Fancy Product Designer WordPress plugin, developed by Radykal, has been identified with two critical severity flaws that remain unfixed in the current latest version4. These vulnerabilities include: 1. SQL Injection: The plugin is vulnerable

Ivanti warns of new Connect Secure flaw used in zero-day attacks - BleepingComputer

Ivanti has recently issued a warning about a new zero-day vulnerability in its Connect Secure product, which has been exploited by hackers to install malware on appliances. Here are the key details: Key Highlights: 1. Vulnerability Details: * The vulnerability, tracked as CVE-2025-0282, is a critical (CVSS 9.0) stack-based buffer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

The latest news on the Ivanti Connect Secure vulnerability involves a zero-day attack that was recently disclosed and addressed by Ivanti. Here are the key highlights: 1. Vulnerability Disclosure: * Ivanti has disclosed two vulnerabilities affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateways14. * The vulnerabilities

Latest News on KerioControl Firewall CSRF Vulnerability and CSRF Token Theft

Additional Context

Trustworthy Citations

Read next