Sophos Firewall v18.5 MR3 Resolves Security Vulnerabilities (CVE-2022-0331)

セキュリティ勧告の概要に戻る

Medium

CVE

CVE-2022-0331

Updated: 2022 3月 28

製品

Sophos Firewall

文章 ID sophos-sa-20220328-sfos-18-5-3

文章のバージョン 1

公開日 2022 3月 28

対処策 No

Overview

The Sophos Firewall v18.5 MR3 (18.5.3) release contains the following security fix(es):

CVE ID	Description	Severity
CVE-2022-0331	An information disclosure vulnerability allowing the device serial number to be read by an unauthenticated user in Webadmin of Sophos Firewall was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. Sophos would like to thank Mohammed Adel of Safe Decision Cybersecurity Labs for responsibly disclosing the issue to Sophos.	MEDIUM

CVE ID

Description

Severity

CVE-2022-0331

An information disclosure vulnerability allowing the device serial number to be read by an unauthenticated user in Webadmin of Sophos Firewall was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program.

Sophos would like to thank Mohammed Adel of Safe Decision Cybersecurity Labs for responsibly disclosing the issue to Sophos.

MEDIUM

Applies to the following Sophos product(s) and version(s)

Sophos Firewall v18.5 MR2 (18.5.2) and older

Remediation

Fixes included in v18.5 MR3 (18.5.3)
Users of older versions of Sophos Firewall are required to upgrade to receive this fix
Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity

Sophos Firewall v18.5 MR3 Resolves Security Vulnerabilities (CVE-2022-0331)

Overview

Applies to the following Sophos product(s) and version(s)

Remediation

Related information

Sophos Responsible Disclosure Policy