CVE-2023-25267 - Out-of-bounds Write vulnerability in GFI Kerio Connect 9.4.1
CVSS metrics

Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |

Summary
An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://gist.github.com/Frycos/62fa664bacd19a85235be19c6e4d7599
- https://support.kerioconnect.gfi.com/hc/en-us/articles/9044634878226-Kerio-Connect-10-0-0-Release-Notes