Lucene search

TrendmicroCVE-2020-8599

HistoryMar 18, 2020 - 1:15 a.m.

CVE-2020-8599

2020-03-1801:15:12

trendmicro

web.nvd.nist.gov

900

In Wild

cve-2020-8599

trend micro

apex one

officescan xg

vulnerability

arbitrary data write

root login bypass

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.175

Percentile

96.1%

JSON

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

Affected configurations

Nvd

Node

trendmicroapex_oneMatch2019

trendmicroofficescanMatchxg

trendmicroofficescanMatchxgsp1

VendorProductVersionCPE
trendmicroapex_one2019cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
trendmicroofficescanxgcpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*
trendmicroofficescanxgcpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	apex_one	2019	cpe:2.3:a:trendmicro:apex_one:2019:::::::*
trendmicro	officescan	xg	cpe:2.3:a:trendmicro:officescan:xg:::::::*
trendmicro	officescan	xg	cpe:2.3:a:trendmicro:officescan:xg:sp1::::::

CNA Affected

[
  {
    "product": "Trend Micro OfficeScan, Trend Micro Apex One",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "OfficeScan XG (12.0), Apex One 2019 (14.0)"
      }
    ]
  }
]