CVE-2020-8470

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

CVSS v3 7.5 HIGH
CVSS v2.0 9.4 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

9.4^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 10.0 / Impact : 9.2

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://success.trendmicro.com/jp/solution/000244253	Patch Vendor Advisory
https://success.trendmicro.com/jp/solution/000244836	Patch Vendor Advisory
https://success.trendmicro.com/solution/000245571	Patch Vendor Advisory
https://success.trendmicro.com/solution/000245572	Patch Vendor Advisory
https://success.trendmicro.com/jp/solution/000244253	Patch Vendor Advisory
https://success.trendmicro.com/jp/solution/000244836	Patch Vendor Advisory
https://success.trendmicro.com/solution/000245571	Patch Vendor Advisory
https://success.trendmicro.com/solution/000245572	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trendmicro:apex_one:2019:::::::*
	cpe:2.3:a:trendmicro:officescan:xg:::::::*
	cpe:2.3:a:trendmicro:officescan:xg:sp1::::::
	cpe:2.3:a:trendmicro:worry-free_business_security:9.0:sp3::::::
	cpe:2.3:a:trendmicro:worry-free_business_security:9.5:::::::*
	cpe:2.3:a:trendmicro:worry-free_business_security:10.0:-::::::
	cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1::::::

History

21 Nov 2024, 05:38

Type	Values Removed	Values Added
References	~~() https://success.trendmicro.com/jp/solution/000244253 - Patch, Vendor Advisory~~	() https://success.trendmicro.com/jp/solution/000244253 - Patch, Vendor Advisory
References	~~() https://success.trendmicro.com/jp/solution/000244836 - Patch, Vendor Advisory~~	() https://success.trendmicro.com/jp/solution/000244836 - Patch, Vendor Advisory
References	~~() https://success.trendmicro.com/solution/000245571 - Patch, Vendor Advisory~~	() https://success.trendmicro.com/solution/000245571 - Patch, Vendor Advisory
References	~~() https://success.trendmicro.com/solution/000245572 - Patch, Vendor Advisory~~	() https://success.trendmicro.com/solution/000245572 - Patch, Vendor Advisory

Information

Published : 2020-03-18 01:15

Updated : 2024-11-21 05:38

NVD link : CVE-2020-8470

Mitre link : CVE-2020-8470

CVE.ORG link : CVE-2020-8470

JSON object : View

Products Affected

trendmicro

officescan
apex_one
worry-free_business_security

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-8470", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-18T01:15:12.083", "references": [{"url": "https://success.trendmicro.com/jp/solution/000244253", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/jp/solution/000244836", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/solution/000245571", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/solution/000245572", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/jp/solution/000244253", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://success.trendmicro.com/jp/solution/000244836", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://success.trendmicro.com/solution/000245571", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://success.trendmicro.com/solution/000245572", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."}, {"lang": "es", "value": "El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podr\u00eda permitir a un atacante eliminar cualquier archivo en el servidor con privilegios de nivel SYSTEM. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad."}], "lastModified": "2024-11-21T05:38:54.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"}, {"criteria": "cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602A0266-B586-447A-A500-1145B77053E8"}, {"criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E"}, {"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:9.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83FF66BA-6904-4D7F-944F-64896AD6CF3D"}, {"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E482D0E-3CC6-4D32-AC2E-6A506066ECAB"}, {"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0EDD09-FA88-46A8-A62F-551EB253F722"}, {"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFCE8717-85D2-4F4F-91DF-C6DA341C4E19"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

9.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-8470

7.5^/10

9.4^/10

Attach tags to `CVE-2020-8470`