CVE-2023-5552

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions 19.5 MR3 (19.5.3) and older

Description A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs, if the password type is set to “Specified by sender”.

Recommendations For Sophos Firewall versions 19.5 MR3 (19.5.3) and older, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Secure PDF eXchange (SPX) feature until a patch is available. Avoid using the password type set to “Specified by sender” in the affected feature until the issue is resolved.