First published: Tue Mar 29 2022(Updated: )
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Credit: security-alert@sophos.com security-alert@sophos.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sophos SFOS | <=18.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-0331 is an information disclosure vulnerability in Webadmin in Sophos Firewall version v18.5 MR2 and older.
An unauthenticated remote attacker can exploit CVE-2022-0331 to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
CVE-2022-0331 has a severity rating of 5.3 (medium).
Sophos Firewall version v18.5 MR2 and older are affected by CVE-2022-0331.
To fix CVE-2022-0331, you should update Sophos Firewall to version 18.5.3 or newer.