← voltar
CVE-2025-34070

GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces

CVSS 10 CRITICALEPSS 0.7%CWE-306
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
02 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
GFI Software · Kerio Control

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce