Sessionid Information Disclosure and Authentication Bypass in SecurePoint UTM

Sessionid Information Disclosure and Authentication Bypass in SecurePoint UTM

CVE-2023-22620 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.

Learn more about our Web Application Penetration Testing UK.