Kerio Connect
CVE-2017-7440
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.
AnalysisAI
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-1021. Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. Affected products include: Gfi Kerio Connect, Gfi Kerio Connect Client. Version information: through 9.2.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Kerio Connect
View allAn issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). Rated high severity (CVSS 8.8), this vulne
A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely e
A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. Rated medium severity (CVSS 5.1), th
A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely e
Share
External POC / Exploit Code
Leaving vuln.today