Local Privilege Escalation Vulnerability in Kerio Winroute Firewall, ServerFirewall, and MailServer on Windows Systems

Local Privilege Escalation Vulnerability in Kerio Winroute Firewall, ServerFirewall, and MailServer on Windows Systems

CVE-2004-1023 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.

Learn more about our Cis Benchmark Audit For Server Software.