PT-2020-1932 · Trend Micro · Trend Micro Worry-Free Business Security

Published: 2020-03-16 · Updated: 2020-03-20 · CVE-2020-8600

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trend Micro Worry-Free Business Security versions 9.0 through 10.0

Description

The issue exists due to insufficient input validation of the TempFileName parameter in the cgiRecvFile.exe executable of Trend Micro Worry-Free Business Security. This could allow a remote attacker to read arbitrary files on the target system by sending specially crafted HTTP requests. The vulnerability may also enable an attacker to manipulate a key file, potentially bypassing authentication.

Recommendations

For versions 9.0 through 10.0, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the cgiRecvFile.exe executable until a patch is available. Avoid using the TempFileName parameter in affected HTTP requests until the issue is resolved.
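
A log-triage check for the TempFileName traversal described above, as an added example that is not Trend Micro's code or part of the original advisory. It assumes the parameter arrives URL-encoded in the query string or in a form-encoded body; the `/PLACEHOLDER/` path and every sample request are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

CGI_NAME = "cgirecvfile.exe"   # executable named in the advisory (compared lowercase)
PARAM = "tempfilename"         # parameter named in the advisory (compared lowercase)
# Indicators checked after decoding: a ".." path segment, a drive letter,
# or a leading slash/backslash (absolute or UNC path).
SUSPICIOUS = re.compile(r"(^|[\\/])\.\.([\\/]|$)|^[a-zA-Z]:|^[\\/]")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded separators are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(target, body=""):
    """Return the decoded TempFileName if it looks like a traversal, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + CGI_NAME):
        return None
    # Assumption: the parameter may be in the query string or a form body.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if name.lower() == PARAM:
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                return decoded
    return None

# Constructed sample requests as (request target, body) pairs.
SAMPLES = [
    ("/PLACEHOLDER/cgiRecvFile.exe?TempFileName=upload_01.tmp", ""),
    ("/PLACEHOLDER/cgiRecvFile.exe?TempFileName=..%5C..%5Cexample.txt", ""),
    ("/PLACEHOLDER/cgiRecvFile.exe?TempFileName=%252e%252e%252fexample.txt", ""),
    ("/PLACEHOLDER/other.exe?TempFileName=../example.txt", ""),
    ("/PLACEHOLDER/cgiRecvFile.exe", "TempFileName=C%3A%5Cexample.txt"),
]

def scan(samples):
    """Return (target, decoded value) for every flagged sample."""
    hits = []
    for target, body in samples:
        decoded = flag_request(target, body)
        if decoded is not None:
            hits.append((target, decoded))
    return hits

if __name__ == "__main__":
    for target, decoded in scan(SAMPLES):
        print(f"SUSPICIOUS {target} -> TempFileName={decoded!r}")
```

Any hit against an unpatched 9.0 through 10.0 server is worth correlating with access to the key file the description mentions.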

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-01209
CVE-2020-8600
ZDI-20-307

Affected Products

Trend Micro Worry-Free Business Security