Published: 2021/01/14  Last Updated: 2021/01/14

JVNVU#92683420
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan

Overview

Trend Micro Apex One and OfficeScan contain multiple vulnerabilities.

Products Affected

  • Trend Micro Apex One (on premise) 2019 CP8422 (prior to Build 8400)
  • Trend Micro Apex One (SaaS) as a Service
  • Trend Micro OfficeScan XG SP1 prior to CP 5702

Description

Trend Micro Apex One and OfficeScan contain multiple vulnerabilities listed below.

  • Authentication Bypass (CWE-287) - CVE-2020-24563
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 7.8
    CVSS v2 AV:L/AC:L/Au:N/C:P/I:P/A:P Base Score: 4.6
  • Out-of-bounds Read (CWE-125) - CVE-2020-24564, CVE-2020-24565, CVE-2020-25770, CVE-2020-25771, CVE-2020-25772
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H Base Score: 5.6
    CVSS v2 AV:L/AC:L/Au:S/C:P/I:P/A:P Base Score: 4.3
  • Double Free (CWE-415) - CVE-2020-25773
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
    CVSS v2 AV:L/AC:L/Au:N/C:P/I:P/A:P Base Score: 4.6
  • Out-of-bounds Read (CWE-125) - CVE-2020-25774
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score: 3.3
    CVSS v2 AV:L/AC:L/Au:N/C:P/I:N/A:N Base Score: 2.1
  • Privilege Escalation (CWE-268) - CVE-2020-28572
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Base Score: 5.7
    CVSS v2 AV:L/AC:L/Au:S/C:P/I:P/A:P Base Score: 4.3
  • Incorrect Privilege Assignment (CWE-266) - CVE-2020-28573, CVE-2020-28576, CVE-2020-28577, CVE-2020-28582, CVE-2020-28583
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3
    CVSS v2 AV:L/AC:L/Au:N/C:N/I:N/A:P Base Score: 2.1

Impact

  • A local attacker may obtain unauthorized privileges or execute arbitrary code by manipulating the agent unload option process - CVE-2020-24563
  • An attacker without administrative privileges may obtain sensitive information in an agent-installed environment - CVE-2020-24564, CVE-2020-24565, CVE-2020-25770, CVE-2020-25771, CVE-2020-25772
  • A local attacker may execute arbitrary code on the administrative server - CVE-2020-25773
  • An attacker without administrative privileges may obtain sensitive information on the administrative server - CVE-2020-25774
  • A user without the appropriate privileges may execute malicious code when reinstalling the agent - CVE-2020-28572
  • A remote attacker may obtain the total number of agents without being authenticated - CVE-2020-28573, CVE-2020-28576, CVE-2020-28577, CVE-2020-28582, CVE-2020-28583

Solution

Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
The developer has released the patches listed below that contain the countermeasure for the vulnerabilities.

  • Apex One 2019 CP8422 (Build 8400 and later)
  • OfficeScan XG SP1 CP 5702 and later

The same issues in Apex One as a Service were already fixed in the August 2020 update.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.