Virus-Detection Bypass Vulnerability in Sophos AV Parsing Engine

Virus-Detection Bypass Vulnerability in Sophos AV Parsing Engine

CVE-2020-9363 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.

Learn more about our Web App Pen Testing.