all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620)

Add to bookmarks
April 11, 2023, 4:14 p.m. | Julien Ahrens

RCE Security www.rcesecurity.com

While working on a recent customer penetration test, I discovered two fascinating and somewhat weird bugs in SecurePoint’s UTM firewall solution. The first one, aka CVE-2023-22620, is rated critical for an attacker to bypass the entire authentication and gain access to the firewall’s administrative panel. Since there is an easy way to get root access […]

access advisory authentication bugs bypass bypassing critical customer cve exploit firewall panel penetration penetration test root root access securepoint solution test utm weird working

Visit resource

More from www.rcesecurity.com / RCE Security

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce 9 months, 4 weeks ago | www.rcesecurity.com
advisory authentication authentication bypass back +23
SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) 1 year ago | www.rcesecurity.com
advisory cve exploit flashback +9
SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) 1 year ago | www.rcesecurity.com
access advisory authentication bugs +18
From Zero to Hero Part 2: Intel DCM From SQL Injection to RCE (CVE-2022-21225) 1 year, 5 months ago | www.rcesecurity.com
advisory bug bounty cve hero +5
From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP … 1 year, 5 months ago | www.rcesecurity.com
authentication bug bounty bypassing cve +5
WordPress Transposh: Exploiting a Blind SQL Injection via XSS 1 year, 9 months ago | www.rcesecurity.com
bug bounty exploiting injection sql +3
AWAE Course and OSWE Exam Review 2 years ago | www.rcesecurity.com
certifications course exam oswe +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs