Permissions, Privileges, and Access Controls in Kerio Control - #VU21402
Published: September 29, 2019
Vulnerability identifier: #VU21402
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: GFI Software
Affected software:
Kerio Control
Kerio Control
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error that may allow an unauthorized user to bypass configured blocking rules and access the Internet with help of authorized users.
Remediation
Install updates from vendor's website.