Multiple vulnerabilities in Trend Micro Apex One



Published: 2021-07-28
Risk Critical
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2021-32464
CVE-2021-32465
CVE-2021-36741
CVE-2021-36742
CWE-ID CWE-276
CWE-434
CWE-119
Exploitation vector Network
Public exploit Vulnerability #3 is being exploited in the wild.
Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe
Apex One
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Trend Micro

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Incorrect default permissions

EUVDB-ID: #VU55406

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-32464

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can modify certain files and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 5 b9565

External links

http://success.trendmicro.com/solution/000287819
http://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_en_criticalpatch_b9601_EN_Readme.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Preservation of Permissions

EUVDB-ID: #VU55407

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-32465

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to unspecified error, related to preservation of access permissions. A remote authenticated user can bypass authentication process and gain unauthorized access to the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 5 b9565

External links

http://success.trendmicro.com/solution/000287819
http://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_en_criticalpatch_b9601_EN_Readme.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Arbitrary file upload

EUVDB-ID: #VU55408

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-36741

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the product’s management console . A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 5 b9565

External links

http://success.trendmicro.com/solution/000287819
http://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_en_criticalpatch_b9601_EN_Readme.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Buffer overflow

EUVDB-ID: #VU55409

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-36742

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arability code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 5 b9565

External links

http://success.trendmicro.com/solution/000287819
http://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_en_criticalpatch_b9601_EN_Readme.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###