Description
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Attack Vector
- local
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- changed
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-200CWE-522
Metadata
- Primary Vendor
- SOPHOS
- Published
- 10/18/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
sophos : firewall
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.