- 127/2023
- High
Trend Micro has released security updates to address multiple vulnerabilities in Apex One, and Apex One as a Service.
The addressed vulnerabilities could allow the attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on the affected products. The attacker must be able to execute low-privileged code on the target system to exploit these vulnerabilities.
Sample of the addressed vulnerabilities:
1. Security Agent Untrusted Search Path Local Privilege Escalation (CVE-2023-34144):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Security Agent Exposed Dangerous Function Local Privilege Escalation (CVE-2023-34146):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2023-34144
- CVE-2023-34145
- CVE-2023-34146
- CVE-2023-34147
- CVE-2023-34148
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.