PT-2020-20597 · F Secure+1 · F-Secure Internet Gatekeeper+3
Thierry Zoller
·
Published
2020-02-22
·
Updated
2021-07-21
·
CVE-2020-9342
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
F-Secure Cloud Protection For Salesforce versions prior to 17.0.605.474
F-Secure Email and Server Security versions prior to 17.0.605.474
F-Secure Internet GateKeeper versions prior to 17.0.605.474
Description
The issue allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This is achieved by exploiting the F-Secure AV parsing engine.
Recommendations
For F-Secure Cloud Protection For Salesforce versions prior to 17.0.605.474, update to version 17.0.605.474 or later.
For F-Secure Email and Server Security versions prior to 17.0.605.474, update to version 17.0.605.474 or later.
For F-Secure Internet GateKeeper versions prior to 17.0.605.474, update to version 17.0.605.474 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F-Secure Cloud Protection For Salesforce
F-Secure Email/Server Security
F-Secure Internet Gatekeeper
Gzip