CVE-2020-8599 - Vulnerability Details - OpenCVE

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Trendmicro	Apex One Officescan

Configuration 1 [-]

OR	cpe:2.3:a:trendmicro:apex_one:2019:::::::*
	cpe:2.3:a:trendmicro:officescan:xg:::::::*
	cpe:2.3:a:trendmicro:officescan:xg:sp1::::::

No data.

References

Link	Providers
https://success.trendmicro.com/jp/solution/000244253
https://success.trendmicro.com/solution/000245571

History

Thu, 06 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-03-18T00:30:44.000Z

Updated: 2025-02-06T19:44:10.764Z

Reserved: 2020-02-04T00:00:00.000Z

Link: CVE-2020-8599

Vulnrichment

Updated: 2024-08-04T10:03:46.134Z

NVD

Status : Analyzed

Published: 2020-03-18T01:15:12.223

Modified: 2025-02-12T20:44:17.437

Link: CVE-2020-8599

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Trend Micro OfficeScan, Trend Micro Apex One", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "OfficeScan XG (12.0), Apex One 2019 (14.0)"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary File Upload Directory Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-18T00:30:44.000Z", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://success.trendmicro.com/solution/000245571"}, {"tags": ["x_refsource_MISC"], "url": "https://success.trendmicro.com/jp/solution/000244253"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2020-8599", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro OfficeScan, Trend Micro Apex One", "version": {"version_data": [{"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0)"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Upload Directory Traversal"}]}]}, "references": {"reference_data": [{"name": "https://success.trendmicro.com/solution/000245571", "refsource": "MISC", "url": "https://success.trendmicro.com/solution/000245571"}, {"name": "https://success.trendmicro.com/jp/solution/000244253", "refsource": "MISC", "url": "https://success.trendmicro.com/jp/solution/000244253"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.134Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://success.trendmicro.com/solution/000245571"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://success.trendmicro.com/jp/solution/000244253"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-8599", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-06T19:42:20.146035Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8599"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T19:44:10.764Z"}}]}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2020-8599", "datePublished": "2020-03-18T00:30:44.000Z", "dateReserved": "2020-02-04T00:00:00.000Z", "dateUpdated": "2025-02-06T19:44:10.764Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://success.trendmicro.com/solution/000245571", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://success.trendmicro.com/jp/solution/000244253", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.134Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-8599", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-06T19:42:20.146035Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8599"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T19:42:08.485Z"}}], "cna": {"affected": [{"vendor": "Trend Micro", "product": "Trend Micro OfficeScan, Trend Micro Apex One", "versions": [{"status": "affected", "version": "OfficeScan XG (12.0), Apex One 2019 (14.0)"}]}], "references": [{"url": "https://success.trendmicro.com/solution/000245571", "tags": ["x_refsource_MISC"]}, {"url": "https://success.trendmicro.com/jp/solution/000244253", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Arbitrary File Upload Directory Traversal"}]}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2020-03-18T00:30:44.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0)"}]}, "product_name": "Trend Micro OfficeScan, Trend Micro Apex One"}]}, "vendor_name": "Trend Micro"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://success.trendmicro.com/solution/000245571", "name": "https://success.trendmicro.com/solution/000245571", "refsource": "MISC"}, {"url": "https://success.trendmicro.com/jp/solution/000244253", "name": "https://success.trendmicro.com/jp/solution/000244253", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Upload Directory Traversal"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-8599", "STATE": "PUBLIC", "ASSIGNER": "security@trendmicro.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-8599", "state": "PUBLISHED", "dateUpdated": "2025-02-06T19:44:10.764Z", "dateReserved": "2020-02-04T00:00:00.000Z", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "datePublished": "2020-03-18T00:30:44.000Z", "assignerShortName": "trendmicro"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*", "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*", "matchCriteriaId": "602A0266-B586-447A-A500-1145B77053E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*", "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability."}, {"lang": "es", "value": "El servidor de Trend Micro Apex One (2019) y OfficeScan XG, contienen un archivo EXE vulnerable que podr\u00eda permitir a un atacante remoto escribir datos arbitrarios en una ruta arbitraria en las instalaciones afectadas y omitir el inicio de sesi\u00f3n ROOT. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad."}], "id": "CVE-2020-8599", "lastModified": "2025-02-12T20:44:17.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-03-18T01:15:12.223", "references": [{"source": "security@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/jp/solution/000244253"}, {"source": "security@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000245571"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/jp/solution/000244253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000245571"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}