CVE-2024-52875: A Hacker’s Dream Tool Emerges

More than 12,000 internet-exposed GFI KerioControl instances remain vulnerable to CVE-2024-52875, a critical flaw that allows remote code execution (RCE). Although a patch was released in December, the problem remains widespread and cybercriminals are actively exploiting it.

KerioControl, a network security appliance widely used by small and medium-sized businesses, provides VPN, traffic filtering, antivirus protection, monitoring and bandwidth management. Active exploitation of this vulnerability therefore threatens the security of many organizations.

Security researcher Egidio Romano identified the flaw in December, demonstrating one-click remote code execution. The issue stems from insufficient sanitization of user input in the dest parameter, which lets attackers inject malicious HTTP headers and carry out reflected XSS attacks.

GFI Software released a fix in version 9.4.5 Patch 1 on December 19, 2024; three weeks later, however, more than 23,800 servers were still exposed. Despite the warnings, companies have been slow to update, leaving thousands of KerioControl instances open to attack.

Active exploitation attempts began in January, with attackers using publicly available proof-of-concept (PoC) code to steal administrators' CSRF tokens. On February 10, Shadowserver specialists reported roughly 12,229 compromised devices in high-risk zones.

Most of the vulnerable KerioControl instances are concentrated in Iran, the USA, Italy, Germany, Russia, Kazakhstan, Uzbekistan, France, Brazil and India. The low barrier to entry means attackers of any skill level can exploit this vulnerability.

Experts caution that a public exploit poses a significant threat to companies relying on KerioControl. The vulnerability enables HTTP response splitting, which can lead to XSS and further compromise.
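The bug class named above (unsanitized input in a redirect parameter turning into HTTP header injection and response splitting) is shown below in generic, added example code written for this article; it is not GFI KerioControl's code, the `/redirect` endpoint, function names and log lines are constructed for illustration, and the only thing taken from the article is the `dest` parameter name. The block contrasts a vulnerable redirect handler with a hardened one, and adds a small access-log check a defender can run to spot CR/LF in that parameter.

```python
"""Vulnerable vs. hardened redirect handling, plus a log check for CR/LF in `dest`.

Added illustration for this article; not KerioControl's code. Endpoint path,
function names and log lines are constructed assumptions.
"""
import re
from urllib.parse import urlsplit, parse_qs

CRLF_RE = re.compile(r"[\r\n]")


def build_redirect_vulnerable(dest: str) -> bytes:
    """Vulnerable pattern: the raw dest value is copied into the header block.

    A value containing CR/LF terminates the Location header early, so the rest
    of the value becomes additional headers (and, after a blank line, a body):
    classic HTTP response splitting.
    """
    return (
        b"HTTP/1.1 302 Found\r\n"
        + b"Location: " + dest.encode("latin-1") + b"\r\n"
        + b"\r\n"
    )


def safe_redirect_target(dest: str, default: str = "/") -> str:
    """Hardened pattern: accept dest only as a same-site relative path.

    Rejects any ASCII control character (CR, LF, NUL, ...), absolute and
    scheme-relative URLs (https://..., //host/...), and backslashes, which
    some browsers normalise to a forward slash. Anything else falls back to
    a fixed default instead of being echoed.
    """
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in dest) or "\\" in dest:
        return default
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc or not dest.startswith("/") or dest.startswith("//"):
        return default
    return dest


def build_redirect_hardened(dest: str) -> bytes:
    """Same redirect, but only ever emits a validated target."""
    target = safe_redirect_target(dest)
    return (
        b"HTTP/1.1 302 Found\r\n"
        + b"Location: " + target.encode("ascii") + b"\r\n"
        + b"\r\n"
    )


def count_headers(response: bytes) -> int:
    """Number of header lines in a raw HTTP response (status line excluded)."""
    head, _, _ = response.partition(b"\r\n\r\n")
    return len(head.split(b"\r\n")) - 1


# --- Detection side: flag requests carrying CR/LF inside the dest parameter ---

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def request_has_crlf_in_dest(log_line: str) -> bool:
    """True if a combined-format access log line has a raw or URL-encoded
    (%0d / %0a) CR/LF in the dest query parameter. parse_qs performs one round
    of percent-decoding, so double-encoded values are not caught here."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    query = urlsplit(m.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get("dest", []):
        if CRLF_RE.search(value):
            return True
    return False


# Constructed sample log lines (not real traffic); the endpoint is an assumption.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [10/Feb/2025:10:00:01 +0000] "GET /redirect?dest=%2Fdashboard HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Feb/2025:10:00:07 +0000] "GET /redirect?dest=%2Fx%0d%0aX-Injected%3A+demo HTTP/1.1" 302 0',
]


def flag_suspicious_requests(lines):
    """Return the log lines whose dest parameter contains CR/LF."""
    return [line for line in lines if request_has_crlf_in_dest(line)]


if __name__ == "__main__":
    payload = "/x\r\nX-Injected: demo"
    print("vulnerable headers:", count_headers(build_redirect_vulnerable(payload)))
    print("hardened headers:  ", count_headers(build_redirect_hardened(payload)))
    for line in flag_suspicious_requests(SAMPLE_ACCESS_LOG):
        print("FLAG:", line)
```

The hardened version is deliberately an allow-list (a relative path with no control characters) rather than a deny-list of `\r` and `\n`: that also closes the open-redirect variant of the same parameter. For log review, run the check after percent-decoding, as the helper does, since the encoded `%0d%0a` form is what actually travels in the URL.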

Administrators of vulnerable servers are strongly advised to update to version 9.4.5 Patch 2, released on January 31, 2025; the update includes crucial security enhancements.

Sources: reports, release notes, official announcements.