Severity
High
Analysis Summary
CVE-2024-12806 CVSS:7.5
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.
CVE-2024-12805 CVSS:9.8
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
CVE-2024-12803 CVSS:9.8
A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
CVE-2024-53706 CVSS:7.8
A vulnerability in the Gen7 SonicOS Cloud platform NSv allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially leads to code execution.
CVE-2024-53705 CVSS:7.5
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
CVE-2024-53704 CVSS:9.8
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVE-2024-40762 CVSS:9.8
The SonicOS SSLVPN authentication token generator uses a cryptographically weak pseudo-random number generator (PRNG) that, in certain cases, can be predicted by an attacker, potentially resulting in authentication bypass.
CVE-2024-40765 CVSS:9.8
An integer-based buffer overflow vulnerability in SonicOS via IPSec allows a remote attacker, in specific conditions, to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Buffer Overflow
- Privilege Escalation
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-12806
- CVE-2024-12805
- CVE-2024-12803
- CVE-2024-53706
- CVE-2024-53705
- CVE-2024-53704
- CVE-2024-40762
- CVE-2024-40765
Affected Vendors
Affected Products
- SonicWall SonicOS Management
- SonicWall Gen7 SonicOS Cloud Platform NSv
- SonicWall SonicOS SSH Management
- SonicWall Gen6 Hardware Firewalls
- SonicWall Gen7 Firewalls
- SonicWall Gen7 NSv
- SonicWall TZ80 Version 8.0.0-8035
- SonicWall Gen6 NSv
Remediation
Refer to the SonicWall Security Advisory for patch, upgrade, or suggested workaround information.