CVE-2016-7442 — Sensitive Information Exposure in Sophos Unified Threat Management Software

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 92.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Unified Threat Management Software

Timeline

PublishedOct 3

Latest updateMay 14

Description

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsophos/unified_threat_management_software9.405-5

🔴Vulnerability Details

GHSA

GHSA-m7x6-w8mx-7jxr: The Frontend component in Sophos UTM with firmware 9↗2022-05-14

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

CVEList

CVE-2016-7442: The Frontend component in Sophos UTM with firmware 9↗2016-10-03

▶