First published: Wed Mar 18 2020(Updated: )
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Credit: security@trendmicro.com security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro Apex One and OfficeScan | ||
Trendmicro Apex One | =2019 | |
Trendmicro Officescan | =xg | |
Trendmicro Officescan | =xg-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8599 is a vulnerability in Trend Micro Apex One (2019) and OfficeScan XG server that allows a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login without authentication.
CVE-2020-8599 has a severity score of 9.8, which is classified as critical.
Trend Micro Apex One 2019 and Trend Micro OfficeScan XG server (including xg and xg-sp1 versions) are affected by CVE-2020-8599.
An attacker can exploit CVE-2020-8599 by sending specially crafted data to the vulnerable EXE file on the affected installations.
Yes, you can find more information about CVE-2020-8599 in the following references: [Reference 1](https://success.trendmicro.com/jp/solution/000244253) and [Reference 2](https://success.trendmicro.com/solution/000245571).