CVE-2020-9363 - OpenCVE

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sophos	Cloud Optix Endpoint Protection Intercept X Endpoint Intercept X For Server Mobile Secure Web Gateway

Configuration 1 [-]

OR	cpe:2.3:a:sophos:cloud_optix::::::::
	cpe:2.3:a:sophos:endpoint_protection::::::::
	cpe:2.3:a:sophos:intercept_x_endpoint::::::::
	cpe:2.3:a:sophos:intercept_x_for_server::::::::
	cpe:2.3:a:sophos:mobile::::::::
	cpe:2.3:a:sophos:secure_web_gateway::::::::

No data.

References

Link	Providers
https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html
https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-24T15:07:39

Updated: 2024-08-04T10:26:16.016Z

Reserved: 2020-02-24T00:00:00

Link: CVE-2020-9363

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-24T16:15:13.250

Modified: 2022-04-18T15:13:37.727

Link: CVE-2020-9363

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-03T15:54:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html"}, {"tags": ["x_refsource_MISC"], "url": "https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9363", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html", "refsource": "MISC", "url": "https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html"}, {"name": "https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363", "refsource": "MISC", "url": "https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.016Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9363", "datePublished": "2020-02-24T15:07:39", "dateReserved": "2020-02-24T00:00:00", "dateUpdated": "2024-08-04T10:26:16.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sophos:cloud_optix:*:*:*:*:*:*:*:*", "matchCriteriaId": "96B66395-50D3-4BF3-B22F-72848EC29210", "versionEndExcluding": "2020-01-14", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "D839AB05-A308-48E3-B189-6D5471F12A17", "versionEndExcluding": "2020-01-14", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:intercept_x_endpoint:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8344DA0-3E5B-4EB8-9D82-D388E78F8200", "versionEndExcluding": "2020-01-14", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:intercept_x_for_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD010A1B-5CCB-4862-ADD3-A3B933CBA245", "versionEndExcluding": "2020-01-14", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "646C9C76-75D1-4469-B786-8432DCD78819", "versionEndExcluding": "2020-01-14", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:secure_web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4855C77A-365D-4EF0-B033-FC694AC96D33", "versionEndExcluding": "2020-01-14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction."}, {"lang": "es", "value": "El motor de an\u00e1lisis Sophos AV versiones anteriores a 14-01-2020 permite una omisi\u00f3n de la detecci\u00f3n de virus por medio de un archivo ZIP dise\u00f1ado. Esto afecta a Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server y Secure Web Gateway. NOTA: el proveedor considera que esto no se aplica a los productos de protecci\u00f3n endpoint porque el virus se detectar\u00eda tras la extracci\u00f3n."}], "id": "CVE-2020-9363", "lastModified": "2022-04-18T15:13:37.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-24T16:15:13.250", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-436"}], "source": "nvd@nist.gov", "type": "Primary"}]}