Information Disclosure Vulnerability in Sophos Connect Software
CVE-2022-48310

5.5MEDIUM

Key Information:

Vendor: Sophos
Status: Sophos Connect Client
Vendor: CVE Published:; 1 March 2023

Summary

An information disclosure flaw in Sophos Connect allows sensitive key material to be inadvertently included in technical support archives. This security issue affects all versions prior to 2.2.90, potentially exposing critical data during support interactions and increasing the risk of unauthorized access. Organizations using affected versions are urged to update immediately to mitigate potential security threats.

Affected Version(s)

Sophos Connect Client < 2.2.90

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Feb 3, 2023

Credit

Mario Melcher - Information Security Professional at SEITENBAU GmbH