CVE-2020-8599

EUVD-2020-29447
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
References
https://success.trendmicro.com/jp/solution/000244253
https://success.trendmicro.com/solution/000245571
https://success.trendmicro.com/jp/solution/000244253
https://success.trendmicro.com/solution/000245571
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8599