Multiple privilege escalation vulnerabilities in Trend Micro Apex One
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2024-52048 CVE-2024-52049 CVE-2024-52050 CVE-2024-55631 CVE-2024-55632 CVE-2024-55917 |
| CWE-ID | CWE-59 CWE-345 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Apex One Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Link following
EUVDB-ID: #VU101799
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52048
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic following issue within the LogServer component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0018217
https://www.zerodayinitiative.com/advisories/ZDI-25-005/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Link following
EUVDB-ID: #VU101800
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52049
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic following issue within the LogServer component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0018217
https://www.zerodayinitiative.com/advisories/ZDI-25-006/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Link following
EUVDB-ID: #VU101801
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52050
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a symbolic following issue within the
LogServer component. A local user can force the application to create arbitrary files on the system and escalate privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0018217
https://www.zerodayinitiative.com/advisories/ZDI-25-002/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Link following
EUVDB-ID: #VU101802
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55631
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic following issue within the antivirus engine component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0018217
https://www.zerodayinitiative.com/advisories/ZDI-25-001/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Link following
EUVDB-ID: #VU101803
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55632
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic following issue within the Security Agent component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0018217
https://www.zerodayinitiative.com/advisories/ZDI-25-003/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Insufficient verification of data authenticity
EUVDB-ID: #VU101804
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-55917
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to insufficient verification of data authenticity. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0018217
https://www.zerodayinitiative.com/advisories/ZDI-25-004/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
