Description
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
References
- Exploit, Third Party Advisory
- Exploit, Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
- Not Applicable
Vulnerable configurations
Configuration 1: versions from 12.2.3.1 (inclusive) up to 12.2.5.1 (exclusive)
cpe:2.3:o:securepoint:unified_threat_management:*:*:*:*:*:*:*:*
EPSS: 0.88764 (percentile: 99%, High)
CVSS3: 6.5 Medium
Weaknesses
CWE-908
Related vulnerabilities
CVSS3: 6.5
github
almost 3 years ago
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.