Vulnerability CVE-2023-22897


Published: 2023-04-12   Modified: 2023-04-13

Description:
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
SecurePoint UTM 12.x Memory Leak
Julien Ahrens
18.04.2023

Type:

CWE-457

(Use of Uninitialized Variable)

 References:
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt
https://rcesecurity.com

Copyright 2024, cxsecurity.com

 

Back to Top