An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-03-29
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-03-25