Update CVE-2023-22620.yaml

patch-1
pussycat0x 2023-04-21 01:39:20 +05:30 committed by GitHub
parent 18728db8de
commit ff7f7440ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions

@ -4,7 +4,8 @@ info:
name: SecurePoint UTM 12.x Session ID Leak
author: DhiyaneshDK
severity: medium
description: An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
description: |
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
remediation: Upgrade to version 12.2.5.1 or newer
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-22620
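
Review bot: the new `description: |` block carries the same sentence as the single-line `description:` value it replaces, so this is a formatting-only change, and the commit message "Update CVE-2023-22620.yaml" should say so. A literal block scalar preserves line breaks and ends the value with a newline, so either wrap the long sentence inside the block at a readable width or keep it on one line deliberately. Separately, the `name` context line says "12.x" while the description limits the affected range to versions before 12.2.5.1; consider aligning the name with that range so fixed 12.x builds are not implied to be vulnerable.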