Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Latest News on the KerioControl Firewall CRLF Injection Vulnerability and CSRF Token Theft

Summary:
Attackers are exploiting a critical CRLF injection vulnerability (CVE-2024-52875) in GFI KerioControl, a firewall appliance, to steal administrator CSRF tokens. The injected CR/LF characters let the attacker split the HTTP response and serve attacker-controlled script from the firewall's own origin; an administrator who opens a crafted link then leaks the CSRF token of their session, and with it the attacker can perform admin actions, up to 1-click remote code execution (RCE) [1].

Detailed Context:

  1. Vulnerability Details:

    • CVE-2024-52875: A critical CRLF injection (HTTP response splitting) flaw. Line-feed characters in a user-supplied parameter are copied into an HTTP response header unfiltered, so an attacker can terminate that header and append headers and a body of their choosing. The practical result is reflected cross-site scripting on the firewall's own origin, and from there the chain can be extended to RCE [1].
    • Affected Versions: KerioControl 9.2.5 through 9.4.5 [1][2]. GFI fixed the flaw in 9.4.5 Patch 1, released on December 19, 2024.
  2. Exploit Analysis:

    • Exploit Attempts: Exploitation attempts were first observed on December 28, 2024, and have continued since [5].
    • Impact: The injected script runs in the browser of a logged-in administrator who opens a crafted link and can read the admin CSRF token. With that token the attacker can issue state-changing requests in the admin session, including uploading a malicious upgrade image, which yields remote code execution as root (the "1-click RCE" described in [1]).
  3. Recommendations:

    • Patch Installation: Upgrade KerioControl to 9.4.5 Patch 1 or later [1].
    • Security Measures: Keep the appliance current, avoid exposing the management interface to the Internet where possible, and watch the web access logs for CR/LF sequences (raw or percent-encoded as %0d%0a) in requests to the web interface, which is the signature of an exploitation attempt [1].
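The mechanics described in the vulnerability details and the log check suggested under the recommendations, as an added example: this is illustrative code written for this page, not KerioControl's source and not taken from the cited advisories. It assumes a redirect handler that copies a `dest` query parameter into a Location header (a hypothetical handler shape), shows the hardened version beside it, and runs a scanner over constructed access-log lines (not real traffic) that flags raw and percent-encoded CR/LF in request targets, including the double-encoded variant.

```python
"""CRLF injection into an HTTP redirect, its hardened form, and a log check
for exploitation attempts.

Added illustrative example for this page; not KerioControl's source code.
The handler shape (a `dest` query parameter copied into a Location header),
the paths and the log lines are assumptions constructed for illustration.
"""
import re
from urllib.parse import unquote, urlsplit, urlunsplit

# Constructed attacker value for `dest`: the leading CRLF ends the Location
# header (leaving it empty, so browsers render the body instead of
# redirecting), then an injected Content-Type and a script body follow.
PAYLOAD = "\r\nContent-Type: text/html\r\n\r\n<script>alert(document.domain)</script>"


def build_redirect_vulnerable(dest: str) -> bytes:
    """Reflect `dest` into Location with no filtering: the flaw class."""
    lines = ["HTTP/1.1 302 Found", f"Location: {dest}", "Content-Length: 0", "", ""]
    return "\r\n".join(lines).encode("latin-1")


def build_redirect_hardened(dest: str) -> bytes:
    """Accept only printable ASCII, same-origin absolute paths."""
    # Rejects CR, LF, NUL, space and anything non-ASCII before parsing;
    # urlsplit() itself silently strips CR/LF, so this check must come first.
    if not re.fullmatch(r"[\x21-\x7e]*", dest):
        raise ValueError("non-printable or non-ASCII byte in redirect target")
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        raise ValueError("only same-origin absolute paths are allowed")
    safe = urlunsplit(("", "", parts.path, parts.query, ""))
    lines = ["HTTP/1.1 302 Found", f"Location: {safe}", "Content-Length: 0", "", ""]
    return "\r\n".join(lines).encode("ascii")


def hardened_rejects(dest: str) -> bool:
    """True if the hardened builder refuses `dest`."""
    try:
        build_redirect_hardened(dest)
    except ValueError:
        return True
    return False


def parse_response(raw: bytes):
    """Split a raw response as a client does: (status line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *header_lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


# Constructed access-log lines (not real traffic), common-log-like shape.
LOG_LINES = [
    '198.51.100.4 - - [27/Dec/2024:09:12:01 +0000] "GET /redirect?dest=%2Fhome HTTP/1.1" 302 0',
    '203.0.113.7 - - [28/Dec/2024:10:01:02 +0000] "GET /redirect?dest=%0d%0a%0d%0a%3Cscript%3E HTTP/1.1" 302 0',
    '203.0.113.7 - - [28/Dec/2024:10:01:09 +0000] "GET /redirect?dest=%250D%250A%250D%250A%3Cscript%3E HTTP/1.1" 302 0',
    '198.51.100.9 - - [28/Dec/2024:11:00:00 +0000] "GET /static/app.js HTTP/1.1" 200 5120',
]
REQUEST_TARGET = re.compile(r'"[A-Z]+ (\S+) HTTP/\d')


def is_crlf_attempt(log_line: str) -> bool:
    """True if the request target carries CR/LF, raw or percent-encoded.
    Decodes up to twice so %250d%250a double encoding is flagged as well;
    whether that variant is exploitable depends on how the application
    decodes, but it is worth a look."""
    m = REQUEST_TARGET.search(log_line)
    if not m:
        return False
    target = m.group(1)
    for _ in range(3):
        if "\r" in target or "\n" in target:
            return True
        target = unquote(target)
    return False


def scan_log(lines):
    """Return the log lines that look like CRLF injection attempts."""
    return [line for line in lines if is_crlf_attempt(line)]


if __name__ == "__main__":
    status, headers, body = parse_response(build_redirect_vulnerable(PAYLOAD))
    print("vulnerable:", status, headers, body[:40])
    print("hardened rejects payload:", hardened_rejects(PAYLOAD))
    print("hardened:", build_redirect_hardened("/admin/login?x=1"))
    for hit in scan_log(LOG_LINES):
        print("suspicious:", hit)
```

The hardened builder rejects before parsing on purpose: Python's urlsplit() strips CR and LF itself, so a check placed after it would never see them. The scanner decodes the request target in stages because a single-decoded log entry still shows %0d%0a literally, while a double-encoded probe only reveals the CR/LF after a second pass.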

Additional Context

  • Related Advisories:
    • GFI Kerio Control Multiple HTTP Response Splitting Vulnerabilities: This is the original researcher advisory for the same flaw, CVE-2024-52875 (found by Egidio Romano of Karma(In)Security), not a separate issue; "HTTP response splitting" is the effect of the CRLF injection. It lists the affected versions as 9.2.5 through 9.4.5 [2].
    • IBM Navigator for i SSRF Vulnerability: Unrelated to KerioControl, but carried in the same list digest: a Server-Side Request Forgery (SSRF) issue (CVE-2024-51463) in IBM Navigator for i, which supports the vast majority of tasks for administering IBM i systems [2].

Trustworthy Citations

  • [1] BleepingComputer: "Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens"
  • [2] SecLists.Org, Daily Dave list archive (posting of the "GFI Kerio Control Multiple HTTP Response Splitting Vulnerabilities" advisory): a technical discussion list covering vulnerability research, exploit development, and security events/gossip.
  • [5] Infosec Exchange: "Our friends at Censys released an advisory regarding Kerio CVE-2024-52875."

These sources cover the KerioControl CRLF injection vulnerability (CVE-2024-52875) and the CSRF token theft it enables, from its disclosure in December 2024 through the exploitation attempts that followed.