Multiple vulnerabilities in Trend Micro Apex One
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2022-44647 CVE-2022-44648 CVE-2022-44649 CVE-2022-44650 CVE-2022-44651 CVE-2022-44652 CVE-2022-44653 CVE-2022-44654 |
| CWE-ID | CWE-125 CWE-787 CWE-119 CWE-362 CWE-755 CWE-22 CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Apex One Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU69183
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44647
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A locla user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1617/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU69184
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44648
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A locla user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1618/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU69185
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44649
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Unauthorized Change Prevention service. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1619/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU69186
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44650
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Unauthorized Change Prevention service. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1616/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU69187
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44651
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the Apex One Client Plug-in Service Manager. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1620/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper handling of exceptional conditions
EUVDB-ID: #VU69188
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44652
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of errors in Trend Micro Apex One Security Agent A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1621/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Path traversal
EUVDB-ID: #VU69189
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-44653
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to input validation error within the Apex One Client Plug-in Service Manager. A local user can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-22-1622/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security features bypass
EUVDB-ID: #VU69190
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-44654
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to presence of a monitor engine component that is complied without the /SAFESEH memory protection mechanism, which helps to monitor for malicious payloads. A remote attacker can abuse this to perform a denial of service attack against the antimalware engine.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
