CVE-2020-8468
Description
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Technical Analysis
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888
Technical Analysis
Security products are notorious targets for attack because for them to perform their function, they must be elevated, so gaining execution means immediate execution as a privileged user. This CVE was discovered along with four other vulnerabilities after an internal review by Trend Micro Security Research:
- CVE-2020-8468
- CVE-2020-8470
- CVE-2020-8598
- CVE-2020-8599
There is evidence that this CVE (8468) and 8467 have exploit candidates that were seen in the wild. At this time, there are no PoCs that I could discover.
Trend Micro defines this vulnerability as a “content validation escape.” That sounds like a specially-crafted config file, so mitigation may include looking for configuration files on filesystems, but that’s a stretch. Many aspects of this will likely have to wait until we see more information come out, but there is a patch, so that is a likely strong starting point.
General Information
Vendors
- trendmicro
Products
- apex one 2019
- officescan xg
- worry-free business security 10.0
- worry-free business security 9.0
- worry-free business security 9.5