https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability affects Trend Micro Apex One Security Agent installations and allows local attackers to escalate privileges. The flaw exists within the Virus Scan Engine. By creating a mount point, an attacker can abuse the VSApiNt driver to delete a file. This vulnerability is classified as a "Improper Link Resolution Before File Access ('Link Following')" issue.
An attacker who successfully exploits this vulnerability can escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine. The vulnerability has a high impact on integrity, availability, and confidentiality of the system.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.
A patch is available. Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000296151
1. Apply the patch provided by Trend Micro as soon as possible. 2. Limit local access to systems running Trend Micro Apex One Security Agent to trusted users only. 3. Monitor for any suspicious activities or unauthorized privilege escalations on affected systems. 4. Implement the principle of least privilege to minimize the potential impact of successful exploits. 5. Keep the Trend Micro Apex One Security Agent and all related components up to date with the latest security patches.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2023-52090. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2023-52090
Feedly estimated the CVSS score as MEDIUM
Detection for the vulnerability has been added to Qualys (379319)
EPSS Score was set to: 0.05% (Percentile: 12.6%)