Overview
The Sophos Firewall v18.5 MR3 (18.5.3) release contains the following security fix(es):
CVE ID |
Description |
Severity |
---|---|---|
CVE-2022-0331 |
An information disclosure vulnerability allowing the device serial number to be read by an unauthenticated user in Webadmin of Sophos Firewall was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. Sophos would like to thank Mohammed Adel of Safe Decision Cybersecurity Labs for responsibly disclosing the issue to Sophos. |
MEDIUM |
Applies to the following Sophos product(s) and version(s)
-
Sophos Firewall v18.5 MR2 (18.5.2) and older
Remediation
-
Fixes included in v18.5 MR3 (18.5.3)
-
Users of older versions of Sophos Firewall are required to upgrade to receive this fix
-
Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity