A vulnerability has been identified in Sophos Firewall. A remote user can exploit it to trigger sensitive information disclosure on the targeted system.
The primary vulnerability is a password disclosure vulnerability, tracked as CVE-2023-5552. It resides in the Secure PDF eXchange (SPX) feature and allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “specified by sender”.
Apply the fixes issued by the vendor.