CVE-2023-22897 - Use of Uninitialized Resource vulnerability in Securepoint Unified Threat Management

047910
CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, securepoint, CWE-908

Summary

An issue was discovered in Securepoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi lets an authenticated user disclose memory contents. Specifically, uninitialized data can be retrieved by obtaining a sessionid but not using it.

Vulnerable Configurations

Part | Description | Count
OS | Securepoint | 1

Common Weakness Enumeration (CWE)