SB2021122903 - Multiple vulnerabilities in Trend Micro Apex One

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Link following (CVE-ID: CVE-2021-44024)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with SYSTEM privileges.

2) Link following (CVE-ID: CVE-2021-45231)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with arbitrary content. Successful exploitation of the vulnerability may result in execution of arbitrary code with elevated privileges.

3) Execution with unnecessary privileges (CVE-ID: CVE-2021-45440)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to execution of.code with unnecessary privileges A local low-privileged user can run a specially crafted program to abuse an impersonation privilege and execute arbitrary code with elevated privileges.

4) Insufficient verification of data authenticity (CVE-ID: CVE-2021-45441)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an origin validation error. A local user can create a specially crafted file that to issue commands over a certain pipe and elevate to a higher level of privileges.  

Remediation

Install update from vendor's website.

References

• https://success.trendmicro.com/solution/000289996
• https://www.zerodayinitiative.com/advisories/ZDI-22-014/
• https://www.zerodayinitiative.com/advisories/ZDI-22-013/
• https://www.zerodayinitiative.com/advisories/ZDI-22-016/
• https://www.zerodayinitiative.com/advisories/ZDI-22-017/