Trend Micro Security Updates – 17 May 2023

Trend Micro has released security updates to fix multiple vulnerabilities across Apex One and Apex Central.

The addressed vulnerabilities could allow an attacker to gain access, gain elevated privileges, or obtain sensitive information from the affected products.

Sample of the addressed vulnerabilities:

1. Management Server Path Traversal Unauthenticated RCE Vulnerability (CVE-2023-32557):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. Security Agent Time-of-Check Time-of-Use LPE Vulnerability (CVE-2023-32554):

  • CVSS: 7.8
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privilege

In addition to applying the critical patch on Apex One, some additional configuration settings are needed on the Apex One Console, as described in the Trend Micro Apex One Security Bulletin.

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

References