← back
CVE-2020-8599

CVE-2020-8599

CVSS 9.8 CRITICALEPSS 11.6%● KEV
In short

Trend Micro Apex One and OfficeScan XG servers have a flaw that lets attackers write files anywhere on the system without needing to log in. This can allow them to bypass security controls and take over the computer.

Technical detail

A vulnerable executable in Trend Micro Apex One (2019) and OfficeScan XG permits unauthenticated remote attackers to write arbitrary files to arbitrary paths, enabling privilege escalation and ROOT login bypass. The vulnerability requires network access to the affected server but no credentials, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Trend Micro · Trend Micro OfficeScan, Trend Micro Apex One

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://success.trendmicro.com/jp/solution/000244253https://success.trendmicro.com/solution/000245571https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8599