CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 3CVE-2023-22897 – SecurePoint UTM 12.x Memory Leak
https://notcve.org/view.php?id=CVE-2023-22897
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used. SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint. • http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html http://seclists.org/fulldisclosure/2023/Apr/8 https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt https://rcesecurity.com • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3CVE-2023-22620 – SecurePoint UTM 12.x Session ID Leak
https://notcve.org/view.php?id=CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint. • http://packetstormsecurity.com/files/171924/SecurePoint-UTM-12.x-Session-ID-Leak.html http://seclists.org/fulldisclosure/2023/Apr/7 https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt https://rcesecurity.com • CWE-863: Incorrect Authorization •