Avsoft Kerio WinRoute Firewall 5 Embedded Web Server information disclosure
A vulnerability was found in Avsoft Kerio WinRoute Firewall 5. It has been classified as critical. It affects an unknown function of the Embedded Web Server component. Manipulation with an unknown input leads to an information disclosure vulnerability, which impacts confidentiality.
The weakness was disclosed 05/10/2012 by Andrey Komarov. The public release has been coordinated in cooperation with Avsoft. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available.
An exploit was disclosed immediately afterwards. The exploit is shared for download at exploit-db.com. We expect the 0-day to have been worth approximately $1k-$2k.
Upgrading to version 6 eliminates this vulnerability. The upgrade is hosted for download at winroute.ru. It is possible to mitigate the weakness by firewalling the web server port. The best possible mitigation is upgrading to the latest version. A possible mitigation was published immediately after the disclosure of the vulnerability.
CVSSv3
Base Score: 7.5
Temp Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:O/RC:X
CVSSv2
Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
Temp Score: 6.2 (CVSS2#E:ND/RL:OF/RC:ND)
Exploiting
Class: Information disclosure
Current Price Estimation: $1k-$2k (0-day) / $0-$1k (Today)
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Exploit Delay Time: 0 days since known
Upgrade: Kerio WinRoute Firewall 6
Firewalling: Web Server Port
Timeline
05/10/2012 Advisory disclosed
05/10/2012 +0 days Exploit disclosed
05/10/2012 +0 days Countermeasure disclosed
05/12/2012 +2 days OSVDB entry created
05/21/2012 +9 days VulDB entry created
12/07/2015 +1295 days VulDB entry updated
Sources
Researcher: Andrey Komarov
OSVDB: 81829 - Kerio WinRoute Firewall Embedded Web Server Source Code Disclosure
Entry: 80.3% complete