CVE-2023-22620 PoC — Securepoint Unified Threat Management 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22620.yaml

Associated Vulnerability

Title:Securepoint Unified Threat Management 信息泄露漏洞 (CVE-2023-22620)
Description:Securepoint Unified Threat Management（Securepoint UTM）是德国Securepoint公司的一款统一威胁管理。 Securepoint Unified Threat Management 12.2.5.1之前版本存在安全漏洞，该漏洞源于允许通过无效身份验获取 sessionid 信息。攻击者可以利用该漏洞绕过身份验证并访问管理界面。

Description

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.

File Snapshot


 id: CVE-2023-22620

info:
  name: SecurePoint UTM 12.x Session ID Leak
  author: DhiyaneshDK
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!