WEB APPLICATION VULNERABILITIES Standard & Premium

Securepoint UTM (CVE-2023-22620, CVE-2023-22897)

Description

Securepoint UTM has two vulnerabilities that allow an unauthenticated attacker to bypass authentication and compomise the system.

Remediation

Upgrade to the latest version of Securepoint UTM.

References

Securepoint UTM changelog

SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620)

SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897)

Related Vulnerabilities

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Security Bypass (5.7.19)

WebLogic Improper Input Validation Vulnerability (CVE-2020-10693)

Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3991)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5341)

PHP Other Vulnerability (CVE-2007-1522)

Severity

High

Classification

CVE-2023-22620 CVE-2023-22897 CWE-863 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass Known Vulnerabilities