Virus Detection Bypass in Sophos Products due to ZIP Archive Processing Flaw
CVE-2020-9363
7.8HIGH
Key Information:
- Vendor
- Sophos
- Vendor
- CVE Published:
- 24 February 2020
Summary
The vulnerability allows attackers to exploit a flaw in the Sophos AV parsing engine, enabling them to bypass virus detection by using specially crafted ZIP archives. This issue affects multiple Sophos products but is noted by the vendor to have limited impact on endpoint protection as the malware is detected upon extraction.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved