JVNVU#91632701: Multiple vulnerabilities in Trend Micro Apex One and OfficeScan

Overview

Trend Micro Apex One and OfficeScan contain multiple vulnerabilities.

Products Affected

Trend Micro Apex One (on premise) 2019
Trend Micro OfficeScan XG SP1 and XG

Description

Trend Micro Apex One and OfficeScan contain multiple vulnerabilities listed below.

Migration tools on the administration server may allow remote code execution - CVE-2020-8467

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Base Score: 9.1

CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P Base Score: 6.5
Integrity check at downloading components to agents may be bypassed - CVE-2020-8468

CVSS v3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Base Score: 8.0

CVSS v2 AV:N/AC:H/Au:S/C:P/I:P/A:P Base Score: 4.6
Arbitrary files on the administration server may be deleted with SYSTEM privileges - CVE-2020-8470

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H Base Score: 10.0

CVSS v2 AV:N/AC:L/Au:N/C:N/I:C/A:C Base Score: 9.4
Arbitrary code may be executed remotely with SYSTEM privileges by abusing vulnerable DLL on the administration server - CVE-2020-8598

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0

CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C Base Score: 10.0
Arbitrary files may be uploaded to the administration server - CVE-2020-8599

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0

CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 6.4

Trend Micro Incorporated states that attacks against CVE-2020-8467 and CVE-2020-8468 has been observed.

Impact

A remote attacker may execute arbitrary code - CVE-2020-8467
A remote attacker may alter components on Apex One agents or OfficeScan clients - CVE-2020-8468
A remote attacker may delete arbitrary files on the server - CVE-2020-8470
A remote attacker may execute arbitrary code - CVE-2020-8598
A remote attacker may log in the administrative console without authentication or execute arbitrary code - CVE-2020-8599

Solution

Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
The developer has released the patches listed below that contain the countermeasure to the vulnerabilities.

Apex One 2019 CP 2117
OfficeScan XG SP 1 CP 5474

The developer states that the users who still use the obsolte versions that are no longer supported are recommended to upgrade to the latetst supported versions.

Apply a Workaround
The following workaround may mitigate the impacts of the vulnerability.

Block access to the server and the administrative console from untrusted network

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2020-8467
	CVE-2020-8468
	CVE-2020-8470
	CVE-2020-8598
	CVE-2020-8599
JVN iPedia

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	Base Score: 9.1
CVSS v2	AV:N/AC:L/Au:S/C:P/I:P/A:P	Base Score: 6.5

CVSS v3	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H	Base Score: 8.0
CVSS v2	AV:N/AC:H/Au:S/C:P/I:P/A:P	Base Score: 4.6

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H	Base Score: 10.0
CVSS v2	AV:N/AC:L/Au:N/C:N/I:C/A:C	Base Score: 9.4

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Base Score: 10.0
CVSS v2	AV:N/AC:L/Au:N/C:C/I:C/A:C	Base Score: 10.0

JVNVU#91632701 Multiple vulnerabilities in Trend Micro Apex One and OfficeScan Critical