SB2021101414 - Multiple vulnerabilities in Trend Micro Apex One
Published: October 14, 2021 Updated: October 19, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2021-23139)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the CGI interface. A remote attacker can send a specially crafted request to the application and perform a denial of service (DoS) attack.
2) Unquoted Search Path or Element (CVE-ID: CVE-2021-42101)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application allows inclusion of libraries from the current working directory. A local user can place a malicious binary file into a local directory on the system and execute arbitrary code with elevated privileges.
3) Execution with unnecessary privileges (CVE-ID: CVE-2021-42104)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application performs certain unprivileged actions with elevated privileges. A local low-privileged user can abuse such behavior to execute arbitrary code with elevated privileges.
4) Execution with unnecessary privileges (CVE-ID: CVE-2021-42108)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application performs certain unprivileged actions with elevated privileges. A local low-privileged user can abuse such behavior to execute arbitrary code with elevated privileges.
5) Unquoted Search Path or Element (CVE-ID: CVE-2021-42103)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application allows inclusion of libraries from the current working directory. A local user can place a malicious binary file into a local directory on the system and execute arbitrary code with elevated privileges.
6) Execution with unnecessary privileges (CVE-ID: CVE-2021-42105)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application performs certain unprivileged actions with elevated privileges. A local low-privileged user can abuse such behavior to execute arbitrary code with elevated privileges.
7) Execution with unnecessary privileges (CVE-ID: CVE-2021-42106)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application performs certain unprivileged actions with elevated privileges. A local low-privileged user can abuse such behavior to execute arbitrary code with elevated privileges.
8) Execution with unnecessary privileges (CVE-ID: CVE-2021-42107)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application performs certain unprivileged actions with elevated privileges. A local low-privileged user can abuse such behavior to execute arbitrary code with elevated privileges.
9) Unquoted Search Path or Element (CVE-ID: CVE-2021-42102)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application allows inclusion of libraries from the current working directory. A local user can place a malicious binary file into a local directory on the system and execute arbitrary code with elevated privileges.
10) Incorrect Privilege Assignment (CVE-ID: CVE-2021-42011)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect privilege assignment. A local user can load a specially crafted .dll file into the application and execute it with elevated privileges.
11) Stack-based buffer overflow (CVE-ID: CVE-2021-42012)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://success.trendmicro.com/solution/000289229
- https://www.zerodayinitiative.com/advisories/ZDI-21-1219/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1216/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1217/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1213/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1215/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1218/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1214/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1222/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1220/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1221/