CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild


Multiple vulnerabilities exploited in the wild

CVE-2020-8467 is a vulnerability in Apex One and OfficeScan in a component of a migration tool. A remote, authenticated attacker could exploit this vulnerability and gain arbitrary code execution on affected Apex One and OfficeScan installations.

CVE-2020-8468 is a vulnerability in the Apex One and OfficeScan agents as a result of a content validation escape. An authenticated attacker could exploit the vulnerability to “manipulate certain agent client components.”

Trend Micro says they are aware of “at least one active attempt” to exploit these vulnerabilities in the wild. Details about these exploitation attempts are unknown.

Read more…