CVE-2022-0331 Webadmin leaks serial numbers of vulnerable Sophos Firewalls. An attacker can use this to impersonate the affected device.

The device serial number is used to identify a specific device. For instance, it can be used to determine if a device is a new device or an old one that has been recalled. If a remote attacker knows the serial number of a device, it is possible to determine if the device is a new device or an old one that has been recalled. An attacker can also try to determine if a new device has been installed in the network. This is similar to the use of the device serial number to activate the activation lock on a device.

Vulnerability discovery and analysis

The following are the four main stages that a vulnerability discovery and analysis process goes through:

1. Discovery of Vulnerability
2. Security Assessment
3. In-depth analysis
4. Plan Review, Analysis, and Recommendations

Vulnerability details

There is a vulnerability in the device serial number used to identify a specific device. An attacker can determine if a new device has been installed in the network by attempting to connect to the device with a computer that is running Microsoft Windows. A remote attacker can also attempt to determine if a new device has been installed in the network by using an old serial number from an older model that has not been recalled. This is similar to the use of activation lock on devices which uses the device serial number as part of their activation process.
The vulnerability is due to how deleting and re-installing software works on Microsoft Windows computers. If a user deletes and re-installs software on their computer, it will change their current device serial number and make them appear as new devices on the network.

Vulnerability overview

An attacker can determine if a device is new or old, and if it has been recalled by determining the serial number of the device. An attacker can also try to determine that a new device has been installed in a network.

Vulnerability Summary

A vulnerability in the serial number of devices with a device serial number is misconfigured. An attacker can use this vulnerability to determine if the device is a new device or an old one that has been recalled. An attacker can also try to determine if a new device has been installed in the network. This is similar to the use of the device serial number to activate the activation lock on a device.
This vulnerability affects iOS, macOS, and tvOS devices.

Timeline

Published on: 03/29/2022 01:15:00 UTC
Last modified on: 04/05/2022 12:39:00 UTC

References

• https://www.sophos.com/en-us/security-advisories/sophos-sa-20220328-sfos-18-5-3
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0331