CVE-2016-7442

low-risk

Published 2016-10-03

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Unified Threat Management Software

Affected Vendors

Sophos

References (6)

http://www.securityfocus.com/archive/1/539518/100/0/threaded

http://www.securityfocus.com/bid/93266

http://www.securitytracker.com/id/1036931

http://www.securityfocus.com/archive/1/539518/100/0/threaded

http://www.securityfocus.com/bid/93266

http://www.securitytracker.com/id/1036931

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal