CVE-2020-8468
Published: 18 March 2020
Summary
CVE-2020-8468 is a high-severity Injection (CWE-74) vulnerability in Trendmicro Worry-Free Business Security. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 4.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
Trend Micro Apex One (2019), OfficeScan XG, and Worry-Free Business Security agents (versions 9.0, 9.5, and 10.0) contain a content validation escape vulnerability tracked as CVE-2020-8468. The flaw, assigned CWE-74, resides in agent client components and permits manipulation of validated content when an authenticated user interacts with the affected software.
An attacker with valid user credentials can exploit the issue over the network with low complexity to alter agent behavior. Successful exploitation yields high impact on confidentiality, integrity, and availability of the targeted endpoint, as reflected in the CVSS 3.1 score of 8.8.
Trend Micro has published multiple solution articles detailing patches and configuration guidance for the affected products at the referenced URLs, including https://success.trendmicro.com/solution/000245571 and https://success.trendmicro.com/solution/000245572.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-29334
Vulnerability details
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces validation of all input content to block the content-validation escape that enables manipulation of agent components.
Requires integrity checks on software and information to detect or block unauthorized manipulation of validated agent client components.
Enforces access-control decisions on authenticated sessions so that only explicitly permitted actions can reach the vulnerable validation logic.