CVE-2020-8467
Description
Remote code execution vulnerability against Trend Micro Apex One (2019) and OfficeScan XG
Ratings
- Attacker Value: Medium
- Exploitability: Medium
Technical Analysis
Security products are notorious targets for attack because for them to perform their function, they must be elevated, so gaining execution means immediate execution as a privileged user. This CVE was discovered along with four other vulnerabilities after an internal review by Trend Micro Security Research:
CVE-2020-8468
CVE-2020-8470
CVE-2020-8598
CVE-2020-8599
There is evidence that this CVE (8467) and 8468 have exploit candidates that were seen in the wild. At this time, there are no PoCs that I could discover.
This CVE (8467) is an attack against a migration tool in Apex One and OfficeScan XG. The exact details are very murky, so it is hard to say what the remote attack surface is or how difficult it is to exploit. We can make some guesses as Trend Micro is relatively popular and remains a trusted enterprise security product.
Technical Analysis
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888