Description

Securepoint UTM has two vulnerabilities that allow an unauthenticated attacker to bypass authentication and compomise the system.

Remediation

Upgrade to the latest version of Securepoint UTM.

References

Securepoint UTM changelog

SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620)

SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897)

Related Vulnerabilities

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33937)

Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)

Oracle Database Server CVE-2009-1969 Vulnerability (CVE-2009-1969)

Sqlite Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-6607)

PostgreSQL Other Vulnerability (CVE-2006-5541)

Severity

High

Classification

CVE-2023-22620 CVE-2023-22897 CWE-863 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass Known Vulnerabilities