SecureGate versions 9.0.0.0 and 9.0.1.0 are vulnerable to remote code execution through a path traversal flaw in the product's web server. The flaw is reachable through two vectors: the file path supplied in the web server's URL field, and the web-based file upload feature. Either vector lets an attacker write a malicious script to an attacker-chosen location on the target system. Once written, the script can be executed directly on the target, giving the attacker full control of the system.

SecureGate versions 9.0.0.0 and 9.0.1.0 path traversal vulnerability

A path traversal vulnerability in SecureGate 9.0.0.0 and 9.0.1.0 allows an attacker to upload a malicious script to the target system by injecting the script via the web server's URL field or its file upload feature. Because the server does not neutralise traversal sequences in the supplied path, the attacker controls where on the file system the uploaded file is written.

Products Affected By CVE-2022-23767

SecureGate versions 9.0.0.0 and 9.0.1.0.

SecureGate versions 9.0.0.0 and 9.0.1.0 - Path Traversal Vulnerability

An attacker can exploit SecureGate 9.0.0.0 and 9.0.1.0 to upload a malicious script to a victim's system by inserting the script into the target via the web server's URL field or its file upload function.
The original advisory text gives two conflicting preconditions: it first states that exploitation requires valid credentials for an administrator account on the web interface, then asserts an unauthenticated alternative through a "reverse HTTPS tunnel". No detail on this page supports the second claim, and nothing here confirms the first. Until the vendor clarifies, treat the authentication requirement as unconfirmed and prioritise patching as if the upload path were reachable without credentials.

Vulnerable Packages Available

The affected versions of SecureGate are the following:
9.0.0.0 and 9.0.1.0


Timeline

Published on: 09/19/2022 20:15:00 UTC
Last modified on: 09/22/2022 14:36:00 UTC
