Vulnerabilities > CVE-2023-22620 - Incorrect Authorization vulnerability in Securepoint Unified Threat Management
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/171924/SecurePoint-UTM-12.x-Session-ID-Leak.html
- http://packetstormsecurity.com/files/171924/SecurePoint-UTM-12.x-Session-ID-Leak.html
- http://seclists.org/fulldisclosure/2023/Apr/7
- http://seclists.org/fulldisclosure/2023/Apr/7
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
- https://rcesecurity.com
- https://rcesecurity.com