https://success.trendmicro.com/jp/solution/000244253

https://success.trendmicro.com/solution/000245571

According to its self-reported version, the Trend Micro OfficeScan application running on the remote host is prior to 12.0 CP 5474 (XG SP1) or 12.0 CP 1988 (XG). It is, therefore, affected by multiple vulnerabilities.

-   A remote code execution vulnerability exists due to a     unsecured dll. An unauthenticated, remote attacker can     exploit this to bypass authentication and execute     arbitrary commands with root privileges.     (CVE-2020-8598), (CVE-2020-8470)     
 -  A privilege escalation vulnerability exists due to a     vulnerable EXE file. An unauthenticated, remote attacker     can exploit this to gain root access to the system.
    (CVE-2020-8599)     
-   A remote code execution vulnerability exists due to a     migration tool component vulnerability. An authenticated,     remote attacker can exploit this to bypass authentication     and execute arbitrary commands with root privileges.     (CVE-2020-8467)     
-   A content validation escape vulnerability exist in the     agent client components that could allow a authenticated     remote attacker to manipulate OfficeScan components.
    (CVE-2020-8468)

CVE-2020-8599

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins