CVE-2023-22897
Published: 12 April 2023
Summary
CVE-2023-22897 is a medium-severity Use of Uninitialized Resource (CWE-908) vulnerability in Securepoint Unified Threat Management. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-22897 is an information disclosure vulnerability affecting SecurePoint UTM versions prior to 12.2.5.1. The flaw resides in the firewall's /spcgi.cgi endpoint and stems from use of uninitialized resources (CWE-908), allowing an authenticated user to obtain a session identifier without actually using the session and thereby retrieve arbitrary memory contents.
An attacker with low-privileged network access can exploit the issue to leak sensitive data from process memory. The CVSS 6.5 vector reflects that the attack requires only valid credentials, has low complexity, and results in high confidentiality impact without affecting integrity or availability.
Public advisories and technical write-ups hosted on Packet Storm, Full Disclosure, and a detailed GitHub advisory document the flaw and confirm that the vendor addressed it in release 12.2.5.1. The associated EPSS score has remained consistently high near 0.89 since disclosure, indicating sustained exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-27000
Vulnerability details
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.