Securepoint: >> Unified Threat Management >> 12.2.3.2 Security Vulnerabilities
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
CVSS Score
6.5
EPSS Score
0.888
Published
2023-04-12
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
CVSS Score
7.5
EPSS Score
0.851
Published
2023-04-12