SB2023060654 - Multiple vulnerabilities in Trend Micro Apex One
Published: June 6, 2023 Updated: June 9, 2023
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2023-34144)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the insecure way libraries are loaded within the Apex One Client Plug-in Service Manager. A local user can place a malicious library on the system and execute arbitrary code with elevated privileges.
2) Exposed dangerous method or function (CVE-ID: CVE-2023-34148)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the security agent due to an exposed dangerous method within the Apex One NT Listener service. A local user can execute arbitrary code with elevated privileges.
3) Exposed dangerous method or function (CVE-ID: CVE-2023-34146)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the security agent due to an exposed dangerous method within the Apex One NT Listener service. A local user can execute arbitrary code with elevated privileges.
4) Untrusted search path (CVE-ID: CVE-2023-34145)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the insecure way libraries are loaded within the Apex One Client Plug-in Service Manager. A local user can place a malicious library on the system and execute arbitrary code with elevated privileges.
5) Exposed dangerous method or function (CVE-ID: CVE-2023-34147)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the security agent due to an exposed dangerous method within the Apex One NT Listener service. A local user can execute arbitrary code with elevated privileges.
Remediation
Install the update from the vendor's website.
References
- https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
- https://www.zerodayinitiative.com/advisories/ZDI-23-835/
- https://www.zerodayinitiative.com/advisories/ZDI-23-834/
- https://www.zerodayinitiative.com/advisories/ZDI-23-832/
- https://www.zerodayinitiative.com/advisories/ZDI-23-836/
- https://www.zerodayinitiative.com/advisories/ZDI-23-833/