CVE-2023-22897

MEDIUM EXPLOITED NUCLEI

Securepoint Unified Threat Management - Use of Uninitialized Resource

Title source: rule

Description

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.

Nuclei Templates (1)

Securepoint UTM - Leaking Remote Memory Contents

MEDIUMVERIFIEDby DhiyaneshDK

Shodan: title:"Securepoint UTM" || http.title:"securepoint utm"

FOFA: title="securepoint utm"

References (4)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Apr/8

[Exploit, Third Party Advisory] https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt

View Exploit ZIP pw:eip

[Not Applicable] https://rcesecurity.com

Scores

CVSS v3 6.5

EPSS 0.8888

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-14

CWE

CWE-908

Status published

Products (1)

securepoint/unified_threat_management 12.2.3.1 - 12.2.5.1

Published Apr 12, 2023

Tracked Since Feb 18, 2026