#VU26157 Input validation error in Trend Micro products - CVE-2020-8468

Cybersecurity Help s.r.o.

Published: 2020-03-18

Vulnerability identifier: #VU26157

Vulnerability risk: Critical

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2020-8468

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apex One
Client/Desktop applications / Antivirus software/Personal firewalls
OfficeScan
Client/Desktop applications / Antivirus software/Personal firewalls
Worry-Free Business Security
Client/Desktop applications / Software for system administration

Vendor: Trend Micro

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a content validation escape issue. A remote authenticated attacker can pass specially crafted input to the application and manipulate certain agent client components.

Note: the vulnerability is being actively exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

OfficeScan: XG SP1 - XG

Worry-Free Business Security: 9.5 - 10.0

External links
https://success.trendmicro.com/jp/solution/000244253
https://success.trendmicro.com/jp/solution/000244836
https://success.trendmicro.com/solution/000245571
https://success.trendmicro.com/solution/000245572

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Trend Micro Apex One and OfficeScan