Published:2020/03/18  Last Updated:2020/03/18

JVNVU#91632701
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
Critical

Overview

Trend Micro Apex One and OfficeScan contain multiple vulnerabilities.

Products Affected

  • Trend Micro Apex One (on premise) 2019
  • Trend Micro OfficeScan XG SP1 and XG

Description

Trend Micro Apex One and OfficeScan contain multiple vulnerabilities listed below.

  • Migration tools on the administration server may allow remote code execution - CVE-2020-8467
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Base Score: 9.1
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P Base Score: 6.5
  • The integrity check performed when downloading components to agents may be bypassed - CVE-2020-8468
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Base Score: 8.0
    CVSS v2 AV:N/AC:H/Au:S/C:P/I:P/A:P Base Score: 4.6
  • Arbitrary files on the administration server may be deleted with SYSTEM privileges - CVE-2020-8470
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H Base Score: 10.0
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:C/A:C Base Score: 9.4
  • Arbitrary code may be executed remotely with SYSTEM privileges by abusing a vulnerable DLL on the administration server - CVE-2020-8598
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
    CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C Base Score: 10.0
  • Arbitrary files may be uploaded to the administration server - CVE-2020-8599
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 6.4
Trend Micro Incorporated states that attacks against CVE-2020-8467 and CVE-2020-8468 have been observed.

Impact

  • A remote attacker may execute arbitrary code - CVE-2020-8467
  • A remote attacker may alter components on Apex One agents or OfficeScan clients - CVE-2020-8468
  • A remote attacker may delete arbitrary files on the server - CVE-2020-8470
  • A remote attacker may execute arbitrary code - CVE-2020-8598
  • A remote attacker may log in to the administrative console without authentication or execute arbitrary code - CVE-2020-8599

Solution

Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
The developer has released the patches listed below, which contain countermeasures for the vulnerabilities.

  • Apex One 2019 CP 2117
  • OfficeScan XG SP 1 CP 5474
The developer recommends that users still running obsolete versions that are no longer supported upgrade to the latest supported versions.

Apply a Workaround
The following workaround may mitigate the impact of the vulnerabilities.
  • Block access to the server and the administrative console from untrusted networks

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE CVE-2020-8467
CVE-2020-8468
CVE-2020-8470
CVE-2020-8598
CVE-2020-8599