SB2024121667 - Multiple privilege escalation vulnerabilities in Trend Micro Apex One
Published: December 16, 2024 Updated: January 8, 2025
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Link following (CVE-ID: CVE-2024-52048)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic link following issue within the LogServer component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with the privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
2) Link following (CVE-ID: CVE-2024-52049)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic link following issue within the LogServer component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with the privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
3) Link following (CVE-ID: CVE-2024-52050)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic link following issue within the LogServer component. A local user can force the application to create arbitrary files on the system and escalate privileges.
4) Link following (CVE-ID: CVE-2024-55631)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic link following issue within the antivirus engine component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with the privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
5) Link following (CVE-ID: CVE-2024-55632)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symbolic link following issue within the Security Agent component. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with the privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
6) Insufficient verification of data authenticity (CVE-ID: CVE-2024-55917)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient verification of data authenticity. A local user can execute arbitrary code with elevated privileges.
Remediation
Install the update from the vendor's website.
References
- https://success.trendmicro.com/en-US/solution/KA-0018217
- https://www.zerodayinitiative.com/advisories/ZDI-25-005/
- https://www.zerodayinitiative.com/advisories/ZDI-25-006/
- https://www.zerodayinitiative.com/advisories/ZDI-25-002/
- https://www.zerodayinitiative.com/advisories/ZDI-25-001/
- https://www.zerodayinitiative.com/advisories/ZDI-25-003/
- https://www.zerodayinitiative.com/advisories/ZDI-25-004/