CVE-2024-52875 Scanner
CVE-2024-52875 Scanner - CRLF Injection vulnerability in Kerio Control
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 7 hours
Scan only one: URL
Toolbox: -
Kerio Control is an all-in-one unified threat management solution used by small and medium-sized businesses for firewall protection, VPN support, and network management. It is widely deployed in enterprise environments to ensure secure connectivity and mitigate cyber threats. The software provides centralized security management and is critical for maintaining secure communication networks.
CRLF Injection is a type of vulnerability in which an attacker supplies input containing CRLF (Carriage Return Line Feed) sequences that the application copies unsanitized into HTTP response headers. Because CRLF terminates a header line, the injected sequence lets the attacker add arbitrary headers or end the header block early, leading to HTTP response splitting and header injection. It can be used to deliver malicious content in the response or to redirect victims to malicious websites.
The vulnerability exists in specific endpoints of Kerio Control, such as `/nonauth/guestConfirm.cs` and `/nonauth/addCertException.cs`. These endpoints fail to sanitize input adequately, enabling the injection of CRLF sequences. Attackers can exploit this flaw to modify HTTP headers or inject malicious content into responses.
If exploited, this vulnerability can lead to session hijacking, phishing attacks, or unauthorized content injection. It could also allow attackers to manipulate browser behavior or abuse the trust a client places in the server's responses. This could result in data breaches or compromise of user sessions.