History: Oct 18, 2023 - 12:15 a.m.

CVE-2023-5552

2023-10-18 00:15:10
CWE-522
CWE-200
web.nvd.nist.gov
cve-2023-5552
password disclosure
spx
sophos firewall
pdf encryption
email security

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 37.1%)

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.

Affected configurations

NVD
Node: sophos firewall, Range 19.5.3

CPE              Name             Operator  Version
sophos:firewall  sophos firewall  le        19.5.3

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Sophos Firewall",
    "vendor": "Sophos",
    "versions": [
      {
        "status": "unaffected",
        "version": "19.5.4"
      },
      {
        "status": "unaffected",
        "version": "20.0.0"
      }
    ]
  }
]
