Vulnerability CVE-2023-22620


Published: 2023-04-12   Modified: 2023-04-13

Description:
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.

See advisories in our WLB2 database:
Topic: SecurePoint UTM 12.x Session ID Leak (Med.)
Author: Julien Ahrens
Date: 18.04.2023

Type: CWE-200 (Information Exposure)

References:
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
https://rcesecurity.com

Copyright 2024, cxsecurity.com

 
