Vulnerability Details : CVE-2020-9363
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.
Products affected by CVE-2020-9363
- cpe:2.3:a:sophos:endpoint_protection:*:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:cloud_optix:*:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:intercept_x_endpoint:*:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:intercept_x_for_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:mobile:*:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:secure_web_gateway:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-9363
- 0.08%: Probability of exploitation activity in the next 30 days
- ~31%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-9363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2020-9363
- Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-9363
- https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363
  Sophos Comments to CVE-2020-9363 - Sophos Community (Vendor Advisory)
- https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html
  Musings on Information Security and Data Privacy: [TZO-21-2020] - Sophos Generic Archive Bypass (ZIP) (Third Party Advisory)