SB2023020140 - Remote denial of service in Trend Micro Apex One
Published: February 1, 2023
Updated: February 9, 2023
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authorization (CVE-ID: CVE-2023-0587)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing authorization when processing file uploads at the "/officescan/console/html/cgi/fcgiOfcDDA.exe" URL. A remote non-authenticated attacker can send a specially crafted HTTP PUT request with a malformed Content-Length header, upload an arbitrary number of large files to the SampleSubmission directory (i.e., \\PCCSRV\\TEMP\\SampleSubmission) and consume all available disk space, causing a denial of service condition.
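One way to check web server access logs for repeated PUT uploads to the URL named above, as an added example that is not part of the original bulletin or of any vendor tooling. It assumes W3C extended format logs with a `#Fields` header (the format IIS writes) that include the `cs-bytes` column; the function name, the threshold and the sample log lines are constructed for illustration.

```python
from collections import defaultdict

# URL path named in the bulletin; compared case-insensitively.
TARGET = "/officescan/console/html/cgi/fcgiofcdda.exe"

def find_put_uploads(log_lines, min_requests=3):
    """Return {client_ip: (request_count, total_request_bytes)} for clients
    that sent at least min_requests PUT requests to the TARGET path."""
    fields = []
    stats = defaultdict(lambda: [0, 0])
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # W3C logs declare their column order; re-read it on every header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        if row.get("cs-method", "").upper() != "PUT":
            continue
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        size = row.get("cs-bytes", "0")  # assumed to be enabled in logging
        entry = stats[row.get("c-ip", "-")]
        entry[0] += 1
        entry[1] += int(size) if size.isdigit() else 0
    return {ip: tuple(v) for ip, v in stats.items() if v[0] >= min_requests}

# Constructed sample log (documentation-range addresses, invented sizes).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status cs-bytes
2023-02-01 10:00:01 PUT /officescan/console/html/cgi/fcgiOfcDDA.exe 203.0.113.7 200 52428800
2023-02-01 10:00:02 PUT /officescan/console/html/cgi/fcgiOfcDDA.exe 203.0.113.7 200 52428800
2023-02-01 10:00:03 PUT /officescan/console/html/cgi/fcgiOfcDDA.exe 203.0.113.7 200 52428800
2023-02-01 10:00:04 GET /officescan/console/html/cgi/fcgiOfcDDA.exe 198.51.100.4 200 310
2023-02-01 10:00:05 PUT /officescan/console/html/cgi/fcgiOfcDDA.exe 198.51.100.9 200 1024
""".splitlines()

if __name__ == "__main__":
    for ip, (count, total) in find_put_uploads(SAMPLE_LOG).items():
        print(f"{ip}: {count} PUT uploads, {total} request bytes")
```

Pairing the flagged clients with the free disk space and file count of the SampleSubmission directory helps separate upload floods from legitimate traffic.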
Remediation
Install the update from the vendor's website.
References
- https://www.tenable.com/security/research/tra-2023-5
- https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_sp_b11564_EN_service_pack_Readme.html
- https://success.trendmicro.com/dcx/s/solution/000292183?language=en_US
- https://success.trendmicro.com/dcx/s/solution/000292209?language=en_US