https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>

Exploit
CVE-2023-52090

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jan 23, 2024 / Updated: 10mo ago

010
CVSS 7.8EPSS 0.05%High
CVE info copied to clipboard

Summary

This vulnerability affects Trend Micro Apex One Security Agent installations and allows local attackers to escalate privileges. The flaw exists within the Virus Scan Engine. By creating a mount point, an attacker can abuse the VSApiNt driver to delete a file. This vulnerability is classified as a "Improper Link Resolution Before File Access ('Link Following')" issue.

Impact

An attacker who successfully exploits this vulnerability can escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine. The vulnerability has a high impact on integrity, availability, and confidentiality of the system.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000296151

Mitigation

1. Apply the patch provided by Trend Micro as soon as possible. 2. Limit local access to systems running Trend Micro Apex One Security Agent to trusted users only. 3. Monitor for any suspicious activities or unauthorized privilege escalations on affected systems. 4. Implement the principle of least privilege to minimize the potential impact of successful exploits. 5. Keep the Trend Micro Apex One Security Agent and all related components up to date with the latest security patches.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-52090. See article

Jan 11, 2024 at 8:03 AM / VulDB Recent Entries
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jan 11, 2024 at 8:04 AM
CVE Assignment

NVD published the first details for CVE-2023-52090

Jan 23, 2024 at 1:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jan 23, 2024 at 9:24 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379319)

Jan 24, 2024 at 10:15 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.6%)

Jan 31, 2024 at 4:57 PM
Static CVE Timeline Graph

Affected Systems

Trendmicro/apex_one
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-026/
+null more

Patches

success.trendmicro.com
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

Vendor Advisory

ZDI-24-026: Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-52090.

News

Multiple vulnerabilities in multiple Trend Micro products
Local privilege escalation due to a link following vulnerability - CVE-2023-52338 Apply the patch according to the information provided by the developer.
CVE-2023-52090
High Severity Description A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Read more at https://www.tenable.com/cve/CVE-2023-52090
NA - CVE-2023-52090 - A security agent link following vulnerability...
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain...
CVE-2023-52090
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. CVE-2023-52090 originally published on CyberSecurityBoard
TREND MICRO, INC. TREND MICRO APEX ONE TREND MICRO APEX ONE AS A SERVICE CVE-2023-52090 CVE-2023-52090 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. https://www. cve.org/CVERecord?id=CVE-2023- 52090 https:// success.trendmicro.com/dcx/s/s olution/000296151?language=en_US https://www. zerodayinitiative.com/advisori es/ZDI-24-026/ # TrendMicro ,Inc. # TrendMicroApexOne # TrendMicroApexOneasaService # CVE_2023_52090 # bot
See 7 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI