Description

Securepoint UTM has two vulnerabilities that allow an unauthenticated attacker to bypass authentication and compomise the system.

Remediation

Upgrade to the latest version of Securepoint UTM.

References

Securepoint UTM changelog

SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620)

SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897)

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4909)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-6414)

TYPO3 Improper Input Validation Vulnerability (CVE-2012-1608)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5631)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-10159)

Severity

High

Classification

CVE-2023-22620 CVE-2023-22897 CWE-863 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass Known Vulnerabilities