- 38/2023
- High
Trend Micro has released a security update to address vulnerabilities in Trend Micro Apex One and Apex One as a Service.
The severity of the addressed vulnerabilities could allow the attacker to perform various attacks such as: gaining elevated privileges and creating arbitrary directories with arbitrary ownership or uploading arbitrary files to a specific directory to fill up the file system on the affected server.
Samples of the addressed vulnerabilities:
1. Server File Upload Vulnerability (CVE-2023-0587):
• CVSS: 8.2
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
2. Improper Access Control Local Privilege Escalation Vulnerability (CVE-2023-25144):
• CVSS:7.8
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Gain Privilege
Vulnerabilities
- CVE-2023-0587
- CVE-2023-25143
- CVE-2023-25144
- CVE-2023-25145
- CVE-2023-25146
- CVE-2023-25147
- CVE-2023-25148
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.