Informational

Medium

Sophos Firewall v18.5 MR3 Resolves Security Vulnerabilities (CVE-2022-0331)

CVE(s)

CVE-2022-0331

PRODUCT(S)

Sophos Firewall

Updated

2022 Mar 28

Article Version

1

Published

2022 Mar 28

Publication ID

sophos-sa-20220328-sfos-18-5-3

Workaround

No

Overview

The Sophos Firewall v18.5 MR3 (18.5.3) release contains the following security fix(es):

CVE ID

CVE-2022-0331

Description

An information disclosure vulnerability allowing the device serial number to be read by an unauthenticated user in Webadmin of Sophos Firewall was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program.

Sophos would like to thank Mohammed Adel of Safe Decision Cybersecurity Labs for responsibly disclosing the issue to Sophos.

Severity

MEDIUM

Applies to the following Sophos product(s) and version(s)

  • Sophos Firewall v18.5 MR2 (18.5.2) and older

Remediation

  • Fixes included in v18.5 MR3 (18.5.3)

  • Users of older versions of Sophos Firewall are required to upgrade to receive this fix

  • Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity

Sophos Responsible Disclosure Policy

To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.