CVE-2023-22897 PoC — Securepoint Unified Threat Management 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22897.yaml

Associated Vulnerability

Title:Securepoint Unified Threat Management 安全漏洞 (CVE-2023-22897)
Description:Securepoint Unified Threat Management（Securepoint UTM）是德国Securepoint公司的一款统一威胁管理。 Securepoint Unified Threat Management 12.2.5.1之前版本存在安全漏洞，该漏洞源于存在信息泄露。攻击者可以利用该漏洞获取sessionid 来检索未初始化的数据。

Description

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.

File Snapshot


 id: CVE-2023-22897

info:
  name: Securepoint UTM - Leaking Remote Memory Contents
  author: Dhiyane

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!