Information Disclosure in Sophos Firewall by Sophos
CVE-2022-0331
5.3MEDIUM
Summary
An information disclosure vulnerability in Sophos Firewall permits an unauthenticated remote attacker to gain unauthorized access to sensitive information, specifically the device serial number. This flaw is present in Sophos Firewall versions v18.5 MR2 and older, potentially exposing devices to risk if exploited.
Affected Version(s)
Sophos Firewall <= 18.5 MR2
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mohammed Adel of Safe Decision Cybersecurity Labs