AttackerKB AKB:3D8169D0-D511-4352-BE48-B23AC7B3D05E
History: Apr 14, 2020 - 12:00 a.m.

CVE-2020-8467

2020-04-14 00:00:00
attackerkb.com
22

EPSS: 0.175 (Low)
Percentile: 96.1%

Remote code execution vulnerability against Trend Micro Apex One (2019) and OfficeScan XG

Recent assessments:

bwatters-r7 at April 14, 2020 1:56pm UTC reported:

Security products are notorious targets for attack because for them to perform their function, they must be elevated, so gaining execution means immediate execution as a privileged user. This CVE was discovered along with four other vulnerabilities after an internal review by Trend Micro Security Research:
CVE-2020-8468
CVE-2020-8470
CVE-2020-8598
CVE-2020-8599
There is evidence that this CVE (8467) and 8468 have exploit candidates that were seen in the wild. At this time, there are no PoCs that I could discover.

This CVE (8467) is an attack against a migration tool in Apex One and OfficeScan XG. The exact details are very murky, so it is hard to say what the remote attack surface is or how difficult it is to exploit. We can make some guesses as Trend Micro is relatively popular and remains a trusted enterprise security product.

gwillcox-r7 at November 22, 2020 2:20am UTC reported:

Security products are notorious targets for attack because for them to perform their function, they must be elevated, so gaining execution means immediate execution as a privileged user. This CVE was discovered along with four other vulnerabilities after an internal review by Trend Micro Security Research:
CVE-2020-8468
CVE-2020-8470
CVE-2020-8598
CVE-2020-8599
There is evidence that this CVE (8467) and 8468 have exploit candidates that were seen in the wild. At this time, there are no PoCs that I could discover.

This CVE (8467) is an attack against a migration tool in Apex One and OfficeScan XG. The exact details are very murky, so it is hard to say what the remote attack surface is or how difficult it is to exploit. We can make some guesses as Trend Micro is relatively popular and remains a trusted enterprise security product.

Assessed Attacker Value: 3