Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection – [email protected] (The Hacker News)

[[{“value”:”Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE).
The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then”}]]  – Read More  – The Hacker News