Vulnerability Details : CVE-2020-8470
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Products affected by CVE-2020-8470
- cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:worry-free_business_security:9.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:worry-free_business_security:10.0:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8470
1.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8470
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.4
|
HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:C |
10.0
|
9.2
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2020-8470
-
https://success.trendmicro.com/solution/000245571
Patch;Vendor Advisory
-
https://success.trendmicro.com/jp/solution/000244253
Q&A | Trend Micro Business SupportPatch;Vendor Advisory
-
https://success.trendmicro.com/jp/solution/000244836
Q&A | Trend Micro Business SupportPatch;Vendor Advisory
-
https://success.trendmicro.com/solution/000245572
Patch;Vendor Advisory
Jump to