Researchers have discovered a vulnerability in the Sophos Firewall that could leads to a sensitive information disclosure.
The vulnerability tracked as CVE-2023-5552 with a CVSS score of 7.1, identified in the official vulnerability database, pertains to an information disclosure flaw. The glitch, surprisingly, finds its roots in the Secure PDF eXchange (SPX) feature—a feature designed to prioritize user security.
When the SPX feature’s password type is set to “specified by sender,” a loophole emerges. Crafty attackers, with a specially constructed request, can pry this door open, gaining access to sensitive information. Considering how many organizations handle confidential data, this loophole could potentially cost businesses a lot, both in terms of finances and reputation.
The vulnerability affects Sophos Firewall v19.5 MR3 (19.5.3) and older. While the software giants at Sophos acted promptly to remedy this issue, here’s what users can do in the meantime:
Workaround: Not a permanent fix but a handy trick. Users can bypass the vulnerability by tweaking their SPX templates. Setting the “Password type” to “Generated and stored for recipient” can offer an interim shield against potential exploitation.
Remediation: As always, the best way forward is to stay updated. Sophos has rolled out hotfixes for a range of versions on October 12 and 13, 2023. If you’re using the affected versions, it’s highly recommended to apply these hotfixes.
A permanent fix has been incorporated in v19.5 MR4 (19.5.4) and v20.0 GA. Users with older versions are urged to upgrade and fortify their systems with the latest security measures.