SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been developed as well but will not be released for now.

Blog: http://ift.tt/2dlqCuw
Video: https://www.youtube.com/watch?v=y_OWz25sHMI

SEC Consult Vulnerability Lab Security Advisory < 20160922-0 >
=======================================================================
              title: Potential backdoor access through multiple vulnerabilities
            product: Kerio Control Unified Threat Management
 vulnerable version: <9.1.3, verified in version 9.1.0 build 1087 and 9.1.1 build 1324
      fixed version: 9.1.3 (partially fixed, see vendor statement below)
         CVE number: -
             impact: critical
           homepage: http://www.kerio.com/
              found: 2016-08-24
                 by: R. Freingruber (Office Vienna)
                     R. Tavakoli (Office Vienna)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult
                     Bangkok - Berlin - Linz - Montreal - Moscow
                     Singapore - Vienna (HQ) - Vilnius - Zurich

                     http://ift.tt/1mGHMNR
=======================================================================

Vendor description:
Source: Gmail -> IFTTT-> Blogger