CVE-2023-5552: Sophos Firewall Information Disclosure Vulnerability


Sophos Firewall, a next-generation firewall (NGFW) deployed by a large number of organizations worldwide, is affected by an information disclosure vulnerability disclosed in October 2023 and tracked as CVE-2023-5552. With a CVSS score of 7.1, it is not a matter to be taken lightly.

Sophos Firewall combines threat detection, application control and a range of networking features in a single appliance, which is why many organizations run it as their one perimeter security layer. That central position is also why a flaw that leaks data from the appliance itself deserves attention.

CVE-2023-5552

CVE-2023-5552, as recorded in the public CVE entry, is an information disclosure flaw. Somewhat ironically, it sits in the Secure PDF eXchange (SPX) feature, the email encryption component that converts outbound messages and attachments into password-protected PDFs, a feature whose whole purpose is to keep sensitive content private.

The flaw is reachable only when an SPX template's password type is set to "Specified by sender". In that configuration, an attacker who sends a specially crafted request to the firewall can read sensitive data from it. Since SPX exists precisely to carry confidential email, the information at risk is the kind organizations rely on the feature to protect, and exposure would carry both financial and reputational cost.

The affected versions are:

  • Sophos Firewall v19.5 MR3 (19.5.3) and older

Sophos released fixes quickly. Until a device is upgraded, administrators have two options:

Workaround: Not a permanent fix, but an effective interim one. In each SPX template, set "Password type" to "Generated and stored for recipient" instead of "Specified by sender". Because the vulnerable path is only reachable with the latter setting, this blocks exploitation until the firewall is patched. Check every template in use, not only the default one.

Remediation: Apply the hotfixes that Sophos rolled out for a range of affected versions on October 12 and 13, 2023. Firewalls with the "Allow automatic installation of hotfixes" setting enabled receive them without operator action; on any other device, confirm the hotfix is actually installed rather than assuming it, because a hotfix does not change the firmware version number.

The permanent fix is included in v19.5 MR4 (19.5.4) and v20.0 GA. Anyone on an older release should plan an upgrade to one of those versions: the hotfix closes this particular hole, but only a current release keeps receiving fixes for the next one.
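To turn the affected-version list and the workaround above into something that can be run against a fleet, here is an added triage script. It is illustration written for this article, not Sophos code, and it encodes only what the advisory states: releases below 19.5.4 are affected, 19.5.4 and 20.0 GA carry the fix, and an affected release is only exploitable while some SPX template uses the "Specified by sender" password type. The firmware strings, hostnames, build numbers and the `spx_password_types` field in the sample inventory are constructed for the example; in practice you would fill them from your own asset records or the appliance's own reporting.

```python
"""Triage Sophos Firewall inventory entries against CVE-2023-5552.

Added illustration for this article, not Sophos code. It encodes only the
facts from the advisory: SFOS 19.5.3 (v19.5 MR3) and older are affected,
19.5.4 (v19.5 MR4) and 20.0 GA carry the fix, and the flaw is reachable only
when an SPX template's password type is "Specified by sender".
"""
import re

# First release carrying the permanent fix; every 20.x GA release sorts above it.
FIRST_FIXED = (19, 5, 4)

# The password type that makes an affected release exploitable, and the
# alternative the advisory names as the workaround.
VULNERABLE_PASSWORD_TYPE = "Specified by sender"
WORKAROUND_PASSWORD_TYPE = "Generated and stored for recipient"

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_sfos_version(firmware):
    """Return the (major, minor, maintenance) triple from an SFOS firmware string.

    Accepts strings such as "SFOS 19.5.3 MR-3-Build652"; the MR/Build suffix is
    ignored because the numeric triple already encodes the maintenance release.
    """
    m = _VERSION_RE.search(firmware)
    if not m:
        raise ValueError(f"no x.y.z version in {firmware!r}")
    return tuple(int(g) for g in m.groups())


def is_affected_version(version):
    """True for v19.5 MR3 (19.5.3) and older, i.e. anything below the first fixed release."""
    return tuple(version) < FIRST_FIXED


def triage(device):
    """Classify one device dict with 'firmware' and 'spx_password_types' keys.

    Returns one of:
      "fixed-release"       firmware is 19.5.4 / 20.0 GA or newer
      "mitigated-by-config" affected firmware, but no SPX template uses the
                            vulnerable password type (workaround in place)
      "exposed"             affected firmware and the vulnerable type is in use

    A hotfix does not change the firmware string, so an "exposed" device must
    be treated as vulnerable until the hotfix is verified on the appliance.
    """
    version = parse_sfos_version(device["firmware"])
    if not is_affected_version(version):
        return "fixed-release"
    templates = device.get("spx_password_types", [])
    if any(t == VULNERABLE_PASSWORD_TYPE for t in templates):
        return "exposed"
    return "mitigated-by-config"


def triage_inventory(inventory):
    """Return [(name, status), ...] for a list of device dicts."""
    return [(d["name"], triage(d)) for d in inventory]


# Constructed sample inventory: hostnames, firmware strings, build numbers and
# template settings are made up for this example.
SAMPLE_INVENTORY = [
    {"name": "fw-branch-1", "firmware": "SFOS 19.5.3 MR-3-Build652",
     "spx_password_types": ["Specified by sender"]},
    {"name": "fw-branch-2", "firmware": "SFOS 19.0.2 MR-2-Build472",
     "spx_password_types": ["Generated and stored for recipient"]},
    {"name": "fw-hq", "firmware": "SFOS 19.5.4 MR-4-Build718",
     "spx_password_types": ["Specified by sender", WORKAROUND_PASSWORD_TYPE]},
    {"name": "fw-lab", "firmware": "SFOS 20.0.0 GA-Build222",
     "spx_password_types": []},
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{name:12} {status}")
```

The three-way result is deliberate: "mitigated-by-config" devices are safe from this CVE today but still need the upgrade, and "exposed" devices need either the hotfix confirmed or the template change made now. Comparing on the numeric triple rather than the marketing name (MR3, GA) avoids mis-sorting releases, but it also means the script cannot tell a 20.0 early-access build from 20.0 GA; treat any pre-GA build as affected and check it by hand.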