What is CVE-2023-5552?

CVE-2023-5552 is a high-severity vulnerability in Sophos Firewall, classified under Information Disclosure. CVSS score: 7.1/10. Published 2023-10-17.

How severe is CVE-2023-5552?

High severity. CVSS v3 base score is 7.1 out of 10.

Information disclosure in Sophos Firewall

CVE-2023-5552

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sende…

Vulnerability class: Information Disclosure

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Sophos Firewall — versions 19.5.4, 20.0.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password (vendor-advisory)

Frequently asked questions

What is CVE-2023-5552?: CVE-2023-5552 is a high-severity vulnerability in Sophos Firewall, classified under Information Disclosure. CVSS score: 7.1/10. Published 2023-10-17.
How severe is CVE-2023-5552?: High severity. CVSS v3 base score is 7.1 out of 10.