PT-2023-18760 · Securepoint · Securepoint Utm
Julien Ahrens · Published 2023-04-12 · Updated 2025-02-10
CVE-2023-22897
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Securepoint UTM versions prior to 12.2.5.1
Description
An issue in the firewall's "/spcgi.cgi" endpoint allows an authenticated user to disclose memory contents. Uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
Recommendations
For versions prior to 12.2.5.1, update to version 12.2.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/spcgi.cgi" endpoint until a patch is applied. Avoid using the sessionid in the affected endpoint until the issue is resolved.
Exploit
Fix
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
Securepoint Utm