Lucene search

[email protected]CVE-2020-8470

HistoryMar 18, 2020 - 1:15 a.m.

CVE-2020-8470

2020-03-1801:15:12

[email protected]

web.nvd.nist.gov

In Wild

cve-2020-8470

trend micro

apex one

officescan

vulnerability

server

file deletion

dll

nvd

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

Affected configurations

NVD

Node

trendmicroapex_oneMatch2019

trendmicroofficescanMatchxg

trendmicroofficescanMatchxgsp1

trendmicroworry-free_business_securityMatch9.0sp3

trendmicroworry-free_business_securityMatch9.5

trendmicroworry-free_business_securityMatch10.0-

trendmicroworry-free_business_securityMatch10.0sp1

CPENameOperatorVersion
trendmicro:apex_onetrendmicro apex oneeq2019
trendmicro:officescantrendmicro officescaneqxg
trendmicro:worry-free_business_securitytrendmicro worry-free business securityeq9.0
trendmicro:worry-free_business_securitytrendmicro worry-free business securityeq9.5
trendmicro:worry-free_business_securitytrendmicro worry-free business securityeq10.0

CPE	Name	Operator	Version
trendmicro:apex_one	trendmicro apex one	eq	2019
trendmicro:officescan	trendmicro officescan	eq	xg
trendmicro:worry-free_business_security	trendmicro worry-free business security	eq	9.0
trendmicro:worry-free_business_security	trendmicro worry-free business security	eq	9.5
trendmicro:worry-free_business_security	trendmicro worry-free business security	eq	10.0

CNA Affected

[
  {
    "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
      }
    ]
  }
]

References

success.trendmicro.com/jp/solution/000244253

success.trendmicro.com/jp/solution/000244836

success.trendmicro.com/solution/000245571

success.trendmicro.com/solution/000245572

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for CVE-2020-8470

nvd1 cvelist1 checkpoint_advisories1 prion1 attackerkb2 nessus1 threatpost2