Components Affected
Overview
A vulnerability has been identified in Sophos Firewall. A remote user can exploit it to trigger sensitive information disclosure on the targeted system.
Description
The primary vulnerability is a password disclosure vulnerability, tracked as CVE-2023-5552. The flaw in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older if the password type is set to “specified by sender”.
Impact
Solution/Workarounds
Apply fixes issued by the vendor:
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.