Information Disclosure in Sophos Firewall by Sophos
CVE-2022-0331

5.3MEDIUM

Key Information:

Vendor
Sophos
Vendor
CVE Published:
29 March 2022

Summary

An information disclosure vulnerability in Sophos Firewall permits an unauthenticated remote attacker to gain unauthorized access to sensitive information, specifically the device serial number. This flaw is present in Sophos Firewall versions v18.5 MR2 and older, potentially exposing devices to risk if exploited.

Affected Version(s)

Sophos Firewall <= 18.5 MR2

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mohammed Adel of Safe Decision Cybersecurity Labs
.