
Critical KerioControl Vulnerability Puts 12,000+ Networks at Risk

  • Writer: Cytopus
  • Feb 27
  • 2 min read

Updated: Mar 4

A Growing Cybersecurity Crisis for Businesses


Introduction

A newly discovered remote code execution (RCE) vulnerability, CVE-2024-52875, is exposing over 12,000 GFI KerioControl firewall instances to potential cyber-attacks. Despite security patches released in December 2024, many organizations have yet to update their systems, putting their networks, sensitive data, and business operations at risk.


GFI KerioControl is widely used by small and medium-sized businesses (SMBs) for VPNs, traffic filtering, intrusion prevention, and network security. A public proof-of-concept (PoC) exploit is already available, making it easy for cybercriminals to exploit the vulnerability.


Why Does This Matter for Your Business?

The CVE-2024-52875 vulnerability allows attackers to execute arbitrary code remotely, potentially leading to:

  • Complete System Takeover - Hackers can gain control over corporate networks.

  • Data Breach & Compliance Violations - Unpatched systems increase the risk of data theft and non-compliance with standards such as DORA and GDPR.

  • Business Operations Disruptions - Threat actors can deploy ransomware, halt business operations, and demand a ransom payment.

  • Reputational & Financial Damage - Customers and investors lose trust in businesses that fail to secure their IT infrastructure and customer data.


Active Exploitation

At the time, Censys had detected 23,867 exposed GFI KerioControl firewalls. Not every instance is confirmed to be vulnerable, but thousands remain at risk because they are still unpatched. As noted earlier, the PoC is publicly available, which lowers the bar for exploiting this vulnerability.

A Costly Lesson in Firewall Security

A similar firewall vulnerability led to the Accellion File Transfer Appliance (FTA) breach in late 2020, where attackers exploited multiple zero-day flaws. This incident affected over 25 organizations, including Shell Oil Company, the Reserve Bank of New Zealand, and the University of California. The breach resulted in an $8.1 million settlement and regulatory scrutiny under HIPAA and GDPR, which impose penalties of up to 20 million or 4% of annual revenue for non-compliance.

Attacks of this kind highlight the severe financial and operational consequences of failing to secure IT infrastructure. CVE-2024-52875 poses similar risks, allowing attackers to execute arbitrary code remotely, compromise corporate networks, and steal sensitive data.

How to Protect Your Business?

Organizations that still run outdated KerioControl versions must immediately update to version 9.4.5 Patch 2, which will be released on January 31, 2025. Patching alone is not enough, however: proactive cybersecurity measures are necessary to prevent similar threats, and Cytopus can help you put them in place.
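To turn the update step above into a repeatable check, here is an added Python example (not code from the article, from Cytopus, or from GFI): it parses KerioControl version strings in the assumed "major.minor.build [Patch N]" form and lists which hosts in a constructed inventory still run anything older than 9.4.5 Patch 2, the version the article says to move to.

```python
import re

# Version the article advises updating to; anything older is flagged.
FIXED_VERSION = "9.4.5 Patch 2"

# Assumed version-string shape: "9.4.5" or "9.4.5 Patch 1" (case-insensitive).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Turn 'major.minor.build [Patch N]' into a comparable tuple.

    A release without a Patch suffix sorts as patch 0, so '9.4.5' is
    correctly treated as older than '9.4.5 Patch 1'.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised KerioControl version string: {text!r}")
    major, minor, build, patch = match.groups()
    return (int(major), int(minor), int(build), int(patch or 0))


def needs_update(version_text, fixed=FIXED_VERSION):
    """True when the host runs something older than the fixed version."""
    return parse_version(version_text) < parse_version(fixed)


def triage(inventory):
    """inventory: mapping of hostname -> version string.

    Returns the sorted list of hosts that still need the update.
    """
    return sorted(host for host, version in inventory.items() if needs_update(version))


# Constructed sample inventory; hostnames and versions are hypothetical.
SAMPLE_INVENTORY = {
    "fw-branch-01.example.internal": "9.4.5",
    "fw-branch-02.example.internal": "9.4.5 Patch 1",
    "fw-hq.example.internal": "9.4.5 Patch 2",
    "fw-legacy.example.internal": "9.3.6 Patch 3",
    "fw-lab.example.internal": "9.4.6",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"UPDATE REQUIRED: {host} runs {SAMPLE_INVENTORY[host]}")
```

Feed it the version strings from your own asset inventory; a string that does not match the assumed form raises an error rather than being silently skipped, so unknown devices are not missed.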


How Cytopus Can Help Your Business?

Our team of experts ensures that your organization has implemented solutions to prevent attackers from exploiting known and emerging vulnerabilities such as CVE-2024-52875. We will help you with:

  • Compliance and Regulatory Alignment: Our experts conduct compliance audits to identify gaps in security practices and ensure you meet legal and industry-specific cybersecurity requirements, such as GDPR, DORA, CRA, etc.

  • Vulnerability Management: Cytopus ensures that vulnerabilities in your IT infrastructure are identified and mitigated before attackers exploit them.

  • Continuous Monitoring and Threat Detection: We provide monitoring solutions to detect unusual activities across your systems, networks, and cloud environments.

  • Business Continuity and Disaster Recovery Planning: Cytopus helps businesses develop and test robust disaster recovery strategies, ensuring uninterrupted operations in the event of ransomware attacks, system failures, or other cybersecurity incidents.
