CVE-2020-9363

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.

El motor de análisis Sophos AV versiones anteriores a 14-01-2020 permite una omisión de la detección de virus por medio de un archivo ZIP diseñado. Esto afecta a Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server y Secure Web Gateway. NOTA: el proveedor considera que esto no se aplica a los productos de protección endpoint porque el virus se detectaría tras la extracción.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-02-24 CVE Reserved
2020-02-24 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-436: Interpretation Conflict

CAPEC

References (2)

URL	Tag	Source
https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363	2022-04-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sophos Search vendor "Sophos"		Cloud Optix Search vendor "Sophos" for product "Cloud Optix"				< 2020-01-14 Search vendor "Sophos" for product "Cloud Optix" and version " < 2020-01-14"		-		Affected
Sophos Search vendor "Sophos"		Endpoint Protection Search vendor "Sophos" for product "Endpoint Protection"				< 2020-01-14 Search vendor "Sophos" for product "Endpoint Protection" and version " < 2020-01-14"		-		Affected
Sophos Search vendor "Sophos"		Intercept X Endpoint Search vendor "Sophos" for product "Intercept X Endpoint"				< 2020-01-14 Search vendor "Sophos" for product "Intercept X Endpoint" and version " < 2020-01-14"		-		Affected
Sophos Search vendor "Sophos"		Intercept X For Server Search vendor "Sophos" for product "Intercept X For Server"				< 2020-01-14 Search vendor "Sophos" for product "Intercept X For Server" and version " < 2020-01-14"		-		Affected
Sophos Search vendor "Sophos"		Mobile Search vendor "Sophos" for product "Mobile"				< 2020-01-14 Search vendor "Sophos" for product "Mobile" and version " < 2020-01-14"		-		Affected
Sophos Search vendor "Sophos"		Secure Web Gateway Search vendor "Sophos" for product "Secure Web Gateway"				< 2020-01-14 Search vendor "Sophos" for product "Secure Web Gateway" and version " < 2020-01-14"		-		Affected