An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-12T00:00:00

Updated: 2024-08-02T10:13:49.456Z

Reserved: 2023-01-04T00:00:00

Link: CVE-2023-22620

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-12T23:15:06.943

Modified: 2024-11-21T07:45:04.387

Link: CVE-2023-22620

cve-icon Redhat

No data.