CVE-2020-8467
Published: 18 March 2020
Summary
CVE-2020-8467 is a high-severity vulnerability of unspecified weakness type in Trend Micro OfficeScan. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 3.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2020-8467 is a remote code execution vulnerability in the migration tool component of Trend Micro Apex One (2019) and OfficeScan XG. The flaw received a CVSS v3.1 base score of 8.8 and is tracked without a specific CWE assignment.
An authenticated remote attacker can exploit the issue over the network without user interaction to execute arbitrary code on affected installations, resulting in full compromise of confidentiality, integrity, and availability on the target system.
Trend Micro has published official solutions addressing the vulnerability in the referenced advisories. The flaw also appears in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-29333
Vulnerability details
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of vendor patches that eliminate the authenticated RCE flaw in the migration tool component.
Restricts the privileges of authenticated users so they cannot reach or abuse the vulnerable migration tool functionality.
Enforces access-control policy on the migration tool endpoint, blocking unauthorized or unintended code-execution paths even for authenticated sessions.