Back to KEVs

CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 10, 2023
Published Date
April 12, 2023
Last Updated
February 13, 2025
Vendor
n/a
Product
n/a
Description
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

6.5 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
poc
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2026-01-02 00:00:00 UTC) Source

References

https://rcesecurity.com https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt http://seclists.org/fulldisclosure/2023/Apr/8 http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-01-02 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22897.yaml 2025-04-25 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel