Home » Kerio User Forums » Kerio Control » Vulnerabilities have been found in Kerio Control web interface.

Messages: 62
Karma: 7
Send a private message to this user
Multiple vulnerabilities in Kerio Control web interface for versions 9.1.2 and earlier have been found including:

- remote-code-execution in PHP
- CSRF protection bypass
- reflected cross site scripting (XSS)

Kerio has released version 9.1.3 to address these vulnerabilities. It is highly recommended to upgrade to version 9.1.3.

Thanks to SEC Consult (René Freingruber and Raschin Tavakoli) for responsibly reporting the identified issues.
Previous Topic: Cellular Modem usage
Next Topic: Lost Kerio Control License key
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Jan 17 05:37:54 CET 2019

Total time taken to generate the page: 0.75819 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.