CVE-2020-8599
Published: 18 March 2020
Summary
CVE-2020-8599 is a critical-severity vulnerability in Trend Micro OfficeScan whose weakness type is unspecified. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
Trend Micro Apex One 2019 and OfficeScan XG servers include a vulnerable executable that permits unauthenticated remote attackers to write arbitrary data to any path on the affected system and bypass ROOT login authentication. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low complexity, and full impact on confidentiality, integrity, and availability without requiring user interaction or privileges.
An attacker can therefore send crafted requests directly to the server to place malicious files or overwrite critical components, potentially leading to full system compromise or privilege escalation through the login bypass. No authentication is needed, making the exposure available to any reachable adversary on the network.
Trend Micro has published remediation guidance in solution articles 000244253 and 000245571 that address the vulnerable executable, while the U.S. CISA Known Exploited Vulnerabilities catalog lists CVE-2020-8599 as actively used in the wild, underscoring the need for prompt application of vendor patches or configuration changes recommended in those advisories.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-29447
Vulnerability details
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
- CWE(s): not specified
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces access-control decisions on the vulnerable EXE so that unauthenticated remote actors cannot perform arbitrary file writes or bypass ROOT login.
- SI-2 (Flaw Remediation): requires prompt application of the vendor patches listed in solution articles 000244253 and 000245571 that eliminate the vulnerable executable.
- Network access restriction: limits remote network access paths to the Apex One/OfficeScan servers, reducing the attack surface for unauthenticated exploitation of the flaw.