.. / CVE-2023-22620

Exploit for SecurePoint UTM 12.x Session ID Leak (CVE-2023-22620)

Description:

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall’s endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device’s authentication and get access to the administrative interface.

Nuclei Template

View the template here CVE-2023-22620.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-22620.yaml
Copy

References:

https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
https://packetstormsecurity.com/files/171924/SecurePoint-UTM-12.x-Session-ID-Leak.html
https://rcesecurity.com
https://nvd.nist.gov/vuln/detail/CVE-2023-22620