Memory corruption vulnerabilities in Suricata and FreeRDP

As a cybersecurity company, we perform penetration tests on our products before release to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release penetration testing, we analyzed two open-source components used in these products, Suricata and FreeRDP, and discovered several vulnerabilities. We reported them to the developers of the corresponding libraries and also shared the fuzzing tests we used to test FreeRDP.

The community confirmed the reported issues and registered the following CVEs:

FreeRDP: CVE-2024-32041, CVE-2024-32039, CVE-2024-32040, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460
Suricata: CVE-2024-32664

Later, using our fuzzing tests, the community found about 10 more vulnerabilities in FreeRDP. ..
