Javier Burroni

Name of the Vulnerable Software and Affected Versions: Kerio Personal Firewall (KPF) versions 2.1.4 and earlier Description: The issue allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. Recommendations: For versions 2.1.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Kerio Personal Firewall versions 2.1.4 and earlier Description: A buffer overflow issue exists in the administrator authentication process, allowing remote attackers to execute arbitrary code via a handshake packet. Recommendations: For Kerio Personal Firewall versions 2.1.4 and earlier, update to a version later than 2.1.4 to resolve the issue.