Cyber Resilience

CVE-2020-8467

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 18 March 2020

Modified: 31 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3111 (96.9th percentile)
Risk Priority: 56 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-8467 is a high-severity vulnerability of unspecified weakness type in Trend Micro OfficeScan. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 3.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2020-8467 is a remote code execution vulnerability in the migration tool component of Trend Micro Apex One (2019) and OfficeScan XG. The flaw received a CVSS v3.1 base score of 8.8 and is tracked without a specific CWE assignment.

An authenticated remote attacker can exploit the issue over the network without user interaction to execute arbitrary code on affected installations, resulting in full compromise of confidentiality, integrity, and availability on the target system.

Trend Micro has published official solutions addressing the vulnerability in the referenced advisories. The flaw also appears in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.

EU & UK References

Vulnerability details

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

trendmicro · apex one · 2019
trendmicro · officescan · xg

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires timely application of vendor patches that eliminate the authenticated RCE flaw in the migration tool component.

prevent: Restricts the privileges of authenticated users so they cannot reach or abuse the vulnerable migration tool functionality.

prevent: Enforces access-control policy on the migration tool endpoint, blocking unauthorized or unintended code-execution paths even for authenticated sessions.

References