CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

SecurePoint UTM 12.x Memory Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...

SecurePoint UTM 12.x Memory Leak Vulnerability

ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Score: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N...

CVE-2023-22897

creationtimestamp| type| source ---|---|--- 2023-04-13 02:29:31+00:00| seen| https://t.me/cibsecurity/62035 2023-04-14 13:24:16+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8116 2023-07-27 01:42:23+00:00| published-proof-of-concept| https://t.me/codeb0ss/962 2025-01-3...

CVE-2023-22897

SecurePoint UTM (before 12.2.5.1) permits information disclosure of memory contents via the /spcgi.cgi endpoint when accessed by an authenticated user. The issue arises from uninitialized data exposure; CVSSv3.1 indicates AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N with a base score of 6.5 (MEDIUM). Affe...