CVE-2023-5552

low-risk
Published 2023-10-18

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Sophos

References (2)

Vendor Advisory https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password
Vendor Advisory https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password
27
/ 100
low-risk
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal