PT-2023-32171 · Sophos · Sophos Firewall

Published

2023-10-17

Updated

2023-10-25

CVE-2023-5552

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions 19.5 MR3 (19.5.3) and older

Description A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs, if the password type is set to “Specified by sender”.

Recommendations For Sophos Firewall versions 19.5 MR3 (19.5.3) and older, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Secure PDF eXchange (SPX) feature until a patch is available. Avoid using the password type set to “Specified by sender” in the affected feature until the issue is resolved.

Fix

Insufficiently Protected Credentials

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-200

Related Identifiers

CVE-2023-5552

Affected Products

Sophos Firewall

PT-2023-32171 · Sophos · Sophos Firewall

CVE-2023-5552

Weakness Enumeration

Related Identifiers

Affected Products

References · 14