Sophos Firewall v18.5 MR3 Resolves Security Vulnerabilities (CVE-2022-0331)

Torna alla panoramica degli advisory di sicurezza
Medium
CVE
CVE-2022-0331
Updated:
Prodotto/i
Sophos Firewall
ID di pubblicazione sophos-sa-20220328-sfos-18-5-3
Versione dell'articolo 1
Prima pubblicazione
Soluzione alternativa No

Overview

The Sophos Firewall v18.5 MR3 (18.5.3) release contains the following security fix(es):

CVE ID

Description

Severity

CVE-2022-0331

An information disclosure vulnerability allowing the device serial number to be read by an unauthenticated user in Webadmin of Sophos Firewall was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program.

Sophos would like to thank Mohammed Adel of Safe Decision Cybersecurity Labs for responsibly disclosing the issue to Sophos.

MEDIUM

Applies to the following Sophos product(s) and version(s)

  • Sophos Firewall v18.5 MR2 (18.5.2) and older

Remediation

  • Fixes included in v18.5 MR3 (18.5.3)

  • Users of older versions of Sophos Firewall are required to upgrade to receive this fix

  • Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity

Sophos Responsible Disclosure Policy

To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.