Virus Detection Bypass in Sophos Products due to ZIP Archive Processing Flaw
CVE-2020-9363

7.8HIGH

Key Information:

Vendor: Sophos
Status: Cloud Optix; Mobile; Intercept X Endpoint; Intercept X For Server
Vendor: CVE Published:; 24 February 2020

Summary

The vulnerability allows attackers to exploit a flaw in the Sophos AV parsing engine, enabling them to bypass virus detection by using specially crafted ZIP archives. This issue affects multiple Sophos products but is noted by the vendor to have limited impact on endpoint protection as the malware is detected upon extraction.

References

https://blog.zoller.lu/p/release-mode-coordinated-disclos...

x_refsource_MISC

https://community.sophos.com/b/security-blog/posts/sophos...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2020
Vulnerability Reserved
Feb 24, 2020