Attacker Value: Unknown (2 users assessed)
Exploitability: Unknown (2 users assessed)
User Interaction: None
Privileges Required: Low
Attack Vector: Network

CVE-2020-8468

Disclosure Date: March 18, 2020
Exploited in the Wild

Description

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.


Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

Technical Analysis

Security products are notorious targets for attack because for them to perform their function, they must be elevated, so gaining execution means immediate execution as a privileged user. This CVE was discovered along with four other vulnerabilities after an internal review by Trend Micro Security Research:

  • CVE-2020-8468
  • CVE-2020-8470
  • CVE-2020-8598
  • CVE-2020-8599

There is evidence that this CVE (8468) and 8467 have exploit candidates that were seen in the wild. At this time, there are no PoCs that I could discover.

Trend Micro defines this vulnerability as a “content validation escape.” That sounds like a specially-crafted config file, so mitigation may include looking for configuration files on filesystems, but that’s a stretch. Many aspects of this will likely have to wait until we see more information come out, but there is a patch, so that is a likely strong starting point.

CVSS V3 Severity and Metrics

Base Score: 8.8 High
Impact Score: 5.9
Exploitability Score: 2.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • trendmicro

Products

  • apex one 2019
  • officescan xg
  • worry-free business security 10.0
  • worry-free business security 9.0
  • worry-free business security 9.5
