3 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

12 Jul 2024 — A security vulnerability has been discovered in the handling of OTP keys in the authentication system of Securepoint UTM. This vulnerability allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 to 12.6.4 and the Reseller Preview version 12.7.0. The issue has been fixed in UTM versions 12.6.5 and 12.7.1. Securepoint UTM anterior a 12.6.5 maneja mal los códigos OTP. • https://wiki.securepoint.de/UTM/Changelog • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 3

12 Apr 2023 — An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used. SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint. • http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html • CWE-908: Use of Uninitialized Resource •

CVSS: 7.6EPSS: 4%CPEs: 1EXPL: 3

12 Apr 2023 — An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint. • http://packetstormsecurity.com/files/171924/SecurePoint-UTM-12.x-Session-ID-Leak.html • CWE-863: Incorrect Authorization •