CVE-2023-5552: Infoleak
First published: Wed Oct 18 2023(Updated: )
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.
Credit: security-alert@sophos.com security-alert@sophos.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Firewall | <=19.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-5552?
CVE-2023-5552 is a password disclosure vulnerability in the Secure PDF eXchange (SPX) feature in Sophos Firewall version 19.5 MR3 (19.5.3) and older.
How severe is CVE-2023-5552?
CVE-2023-5552 has a severity rating of 7.1 (high).
How does CVE-2023-5552 work?
CVE-2023-5552 allows attackers with full email access to decrypt PDFs in Sophos Firewall if the password type is set to 'Specified by sender'.
Which software versions are affected by CVE-2023-5552?
Sophos Firewall version 19.5 MR3 (19.5.3) and older are affected by CVE-2023-5552.
Is there a fix for CVE-2023-5552?
Yes, Sophos has released a security advisory with instructions on how to mitigate the vulnerability. Please refer to the official Sophos security advisory for more details.
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/sophos
- canonical/sophos firewall
- version/sophos firewall/19.5.3