Vulnerability Details CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.866
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-52875
-
cpe:2.3:a:gfi:kerio_control:9.3.0
-
cpe:2.3:a:gfi:kerio_control:9.3.6
-
cpe:2.3:a:gfi:kerio_control:9.4.2
-
cpe:2.3:a:gfi:kerio_control:9.4.3
-
cpe:2.3:a:gfi:kerio_control:9.4.4
-
cpe:2.3:a:gfi:kerio_control:9.4.5