An issue was discovered in SecurePoint UTM before 12.2.5...
High severity
Unreviewed
Published
Apr 13, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Apr 12, 2023
Published to the GitHub Advisory Database
Apr 13, 2023
Last updated
Apr 4, 2024
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
References