CVE-2023-22897
Published 2023-04-12
Priority P2 74 · medium 6.5 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 4.07% (89.4th percentile)
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| securepoint | unified_threat_management | >= 12.2.3.1 < 12.2.5.1 | 12.2.5.1 |
Detection & IOCs (extracted from sources)
- Send a POST request with an empty JSON body ({}) to /spcgi.cgi; a vulnerable response will contain both '"sessionid":' and '"mode":' fields in the JSON body with HTTP 200 and Content-Type: application/json, indicating uninitialized memory is being leaked.
- The exploit technique involves obtaining a sessionid from /spcgi.cgi but deliberately not using it, causing uninitialized memory data to be returned in the response.
- Hunt for exposed Securepoint UTM login pages using the Shodan query title:"Securepoint UTM" or http.title:"securepoint utm" to identify potentially vulnerable internet-facing instances.
- Exploitation requires an authenticated user session; the vulnerability is not unauthenticated, though the memory leak occurs when a sessionid is obtained but not subsequently used.
- Affected versions are SecurePoint UTM before 12.2.5.1; systems running 12.2.5.1 or later are patched.
CVSS provenance
NVD (CVSS v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
VulnCheck: 6.5 MEDIUM
GHSA
GHSA-6pw8-5p8j-m67x (ghsa_unreviewed, 2023-04-13): CVE-2023-22897 [MEDIUM], CWE-908 (Use of Uninitialized Resource). Description identical to the CVE text above.
VulnCheck
securepoint unified_threat_management: Use of Uninitialized Resource (vulncheck, 2023, CVSS 6.5, CVE-2023-22897 [MEDIUM]). Description identical to the CVE text above.
Affected: securepoint unified_threat_management
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-14&host_type=src&vulnerability=cve-2023-22897; https://dashboard.shadowserver.org/statistics/honeypot/vulnerabili
No detection rules found.
Nuclei
Securepoint UTM - Leaking Remote Memory Contents (nuclei, CVSS 6.5, CVE-2023-22897 [MEDIUM]). Description identical to the CVE text above.
Template:
id: CVE-2023-22897
info:
  name: Securepoint UTM - Leaking Remote Memory Contents
  author: DhiyaneshDK
  severity: medium
  description: |
    An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
  impac
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html
- http://seclists.org/fulldisclosure/2023/Apr/8
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt
- https://rcesecurity.com