CVE-2023-47192

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jan 23, 2024 / Updated: 10mo ago

010
CVSS 7.8EPSS 0.05%High
CVE info copied to clipboard

An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-47192. See article

Nov 7, 2023 at 3:19 AM / appweb.trendmicro.com
CVE Assignment

NVD published the first details for CVE-2023-47192

Jan 23, 2024 at 1:15 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.6%)

Jan 31, 2024 at 11:02 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (190415)

Feb 12, 2024 at 2:15 PM
Static CVE Timeline Graph

Affected Systems

Trendmicro/apex_one
+null more

Patches

success.trendmicro.com
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

News

Trend Micro Apex One Multiple Vulnerabilities (000295652)
According to its self-reported version, the Trend Micro application running on the remote Windows host is Apex One prior to SP1 (Server Build 12526 and Agent Build 12526). - Several origin validation vulnerabilities in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
CVE-2023-47192
High Severity Description An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Read more at https://www.tenable.com/cve/CVE-2023-47192
NA - CVE-2023-47192 - An agent link vulnerability in the Trend Micro...
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain...
CVE-2023-47192
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. CVE-2023-47192 originally published on CyberSecurityBoard
CVE-2023-47192
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI