Securepoint UTM (CVE-2023-22620, CVE-2023-22897)

Description

Securepoint UTM versions prior to 12.2.5.1 contain two critical vulnerabilities (CVE-2023-22620 and CVE-2023-22897) that can be chained together to achieve complete system compromise. CVE-2023-22620 allows an unauthenticated attacker to bypass authentication mechanisms, while CVE-2023-22897 enables remote memory content disclosure. These vulnerabilities stem from improper access control enforcement (CWE-863) and can be exploited remotely with no prior authentication required.

Remediation

Immediately upgrade Securepoint UTM to version 12.2.5.1 or later, which addresses both CVE-2023-22620 and CVE-2023-22897. Follow these steps:

1. Review the official Securepoint UTM changelog at https://wiki.securepoint.de/index.php?title=UTM/Changelog&uselang=en#Build_12.2.5.1 to understand all changes in the patched version
2. Schedule a maintenance window for the upgrade, as it may require a system restart
3. Create a full backup of your current UTM configuration before proceeding
4. Apply the update to version 12.2.5.1 or later through the UTM's update mechanism
5. After upgrading, review authentication logs for any suspicious access attempts that may indicate prior exploitation
6. Consider rotating administrative credentials and reviewing user access permissions as a precautionary measure

If immediate patching is not possible, implement network-level access controls to restrict UTM management interface access to trusted IP addresses only until the update can be applied.
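
To decide which appliances the upgrade steps above apply to, the following added example (not Securepoint or Invicti code) triages an inventory of reported firmware versions against the fixed build 12.2.5.1. The hostnames and version strings are constructed sample data, and it assumes firmware versions are reported as dotted numeric strings; anything else is classed as `unknown` so it gets checked by hand rather than assumed patched.

```python
import re

FIXED_BUILD = (12, 2, 5, 1)  # first fixed version named on this page


def parse_version(text):
    """Return a tuple of ints for a purely numeric dotted version, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Classify a reported firmware version against the fixed build."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # fail closed: suffixes or empty values need a manual check
    # Pad both sides with zeros so "12.2.5" compares as 12.2.5.0, below 12.2.5.1.
    width = max(len(parsed), len(FIXED_BUILD))
    padded = parsed + (0,) * (width - len(parsed))
    fixed = FIXED_BUILD + (0,) * (width - len(FIXED_BUILD))
    return "vulnerable" if padded < fixed else "patched"


# Constructed inventory (hostname, reported version); not real systems.
INVENTORY = [
    ("utm-branch-01", "12.2.5"),
    ("utm-branch-02", "12.2.5.1"),
    ("utm-hq-01", "11.8.15"),
    ("utm-hq-02", "12.4"),
    ("utm-lab-01", "12.2.5.1-rc"),
    ("utm-lab-02", ""),
]


def triage(inventory):
    """Group hostnames by status so 'unknown' hosts are not silently skipped."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```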
