Sophos Firewall v18.5 MR3 Resolves Security Vulnerabilities (CVE-2022-0331)

Voltar à Visão geral dos comunicados de segurança
Medium
CVE
CVE-2022-0331
Updated:
Produto(s)
Sophos Firewall
ID da publicação sophos-sa-20220328-sfos-18-5-3
Versão do artigo 1
Primeira publicação
Solução alternativa No

Overview

The Sophos Firewall v18.5 MR3 (18.5.3) release contains the following security fix(es):

CVE ID

Description

Severity

CVE-2022-0331

An information disclosure vulnerability allowing the device serial number to be read by an unauthenticated user in Webadmin of Sophos Firewall was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program.

Sophos would like to thank Mohammed Adel of Safe Decision Cybersecurity Labs for responsibly disclosing the issue to Sophos.

MEDIUM

Applies to the following Sophos product(s) and version(s)

  • Sophos Firewall v18.5 MR2 (18.5.2) and older

Remediation

  • Fixes included in v18.5 MR3 (18.5.3)

  • Users of older versions of Sophos Firewall are required to upgrade to receive this fix

  • Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity

Sophos Responsible Disclosure Policy

To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.