Cyber Resilience

CVE-2020-8599

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 18 March 2020

Modified: 31 October 2025
KEV Added: 03 November 2021
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5786 (98.2th percentile)
Risk Priority: 74 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-8599 is a critical-severity vulnerability of an unspecified weakness type in Trend Micro OfficeScan. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 1.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

Trend Micro Apex One 2019 and OfficeScan XG servers include a vulnerable executable that permits unauthenticated remote attackers to write arbitrary data to any path on the affected system and bypass ROOT login authentication. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low complexity, and full impact on confidentiality, integrity, and availability without requiring user interaction or privileges.

An attacker can therefore send crafted requests directly to the server to place malicious files or overwrite critical components, potentially leading to full system compromise or privilege escalation through the login bypass. No authentication is needed, making the exposure available to any reachable adversary on the network.

Trend Micro has published remediation guidance in solution articles 000244253 and 000245571 that address the vulnerable executable, while the U.S. CISA Known Exploited Vulnerabilities catalog lists CVE-2020-8599 as actively used in the wild, underscoring the need for prompt application of vendor patches or configuration changes recommended in those advisories.

Vulnerability details

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

trendmicro / apex one / 2019
trendmicro / officescan / xg

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access-control decisions on the vulnerable EXE so that unauthenticated remote actors cannot perform arbitrary file writes or bypass ROOT login.

prevent

Requires prompt application of the vendor patches listed in solution articles 000244253 and 000245571 that eliminate the vulnerable executable.

AC-17 Remote Access (partial match) · prevent

Restricts remote network access paths to the Apex One/OfficeScan servers, reducing the attack surface for unauthenticated exploitation of the flaw.

References