SB2022021515 - Multiple vulnerabilities in Trend Micro Apex One

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2022-24678)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can force the application to consume all disk space in the temporary log location and perform a denial of service (DoS) attack.

2) Link following (CVE-ID: CVE-2022-24679)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure symbolic link following. A local user can create a symbolic link to a critical file on the system and escalate privileges.

3) Link following (CVE-ID: CVE-2022-24680)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure symbolic link following. A local user can create a symbolic link to a arbitrary directory on the system and delete it with elevated privileges. The vulnerability can be used to escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://success.trendmicro.com/solution/000290464
• https://www.zerodayinitiative.com/advisories/ZDI-22-372/
• https://www.zerodayinitiative.com/advisories/ZDI-22-370/
• https://www.zerodayinitiative.com/advisories/ZDI-22-369/