CVE-2023-22620 Scanner
Detects 'Information Disclosure' vulnerability in SecurePoint UTM affects v. before 12.2.5.1.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Time Interval
792 sec
Scan only one
Domain, Ipv4
Toolbox
-
SecurePoint UTM is a firewall solution designed to protect networks and users from potential cyber threats. This system's purpose is to help businesses maintain their digital security by providing anti-virus, anti-spam, web-filtering, content inspection, and intrusion detection/prevention capabilities in one package. It's an all-in-one security solution ideal for mid-sized businesses and enterprises.
CVE-2023-22620 is a vulnerability that was recently discovered in SecurePoint UTM that poses a major risk to network security. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This information can be used to bypass the device's authentication, thus gaining access to the administrative interface. Hackers could easily exploit this vulnerability and gain access to various confidential company data. This bug was discovered in versions of SecurePoint UTM released prior to 12.2.5.1.
When this vulnerability is exploited, it can cause a variety of serious issues. In extreme cases, hackers can gain access to the system and steal sensitive information such as credit card details, passwords, and other important financial and personal information. This could lead to identity theft, financial loss, legal problems, and a damaged company reputation.
Thanks to the pro features of the s4e.io platform, businesses can quickly identify vulnerabilities in their digital assets. This platform provides users with detailed reports on their digital security posture, along with recommendations to help improve it. By utilizing this platform, businesses can be confident that their networks are secure from potential cyber threats. With its user-friendly interface and ease of use, it makes conducting assessments and identifying vulnerabilities an easy and hassle-free process.
REFERENCES