https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>

Exploit
CVE-2023-52091

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jan 23, 2024 / Updated: 10mo ago

010
CVSS 7.8EPSS 0.05%High
CVE info copied to clipboard

Summary

This vulnerability affects the Trend Micro Apex One Security Agent, specifically within the Anti-Spyware Engine running in the Apex One RealTime Scan service. It allows local attackers to escalate privileges on affected installations. The flaw involves the ability to abuse the service to delete a file by creating a junction.

Impact

Successful exploitation of this vulnerability can lead to privilege escalation, allowing an attacker to execute arbitrary code in the context of SYSTEM. This means an attacker could gain full control over the affected system, potentially compromising the confidentiality, integrity, and availability of data and resources. The CVSS v3 base score is 7.8 (High), with high impacts on confidentiality, integrity, and availability.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000296151

Mitigation

1. Apply the patch provided by Trend Micro as soon as possible. 2. Limit local access to systems running Trend Micro Apex One Security Agent to trusted users only. 3. Monitor for any suspicious activities or unauthorized privilege escalations on affected systems. 4. Implement the principle of least privilege to minimize the potential impact of successful exploits. 5. Keep the Trend Micro Apex One Security Agent and all related components up to date with the latest security patches.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-52091. See article

Jan 11, 2024 at 8:03 AM / VulDB Recent Entries
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jan 11, 2024 at 8:04 AM
CVE Assignment

NVD published the first details for CVE-2023-52091

Jan 23, 2024 at 1:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jan 24, 2024 at 12:19 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379319)

Jan 24, 2024 at 10:15 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.6%)

Jan 31, 2024 at 4:57 PM
Static CVE Timeline Graph

Affected Systems

Trendmicro/apex_one
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-027/
+null more

Patches

success.trendmicro.com
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

Vendor Advisory

ZDI-24-027: Trend Micro Apex One Anti-Spyware Engine Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

News

Multiple vulnerabilities in multiple Trend Micro products
Local privilege escalation due to a link following vulnerability - CVE-2023-52338 Apply the patch according to the information provided by the developer.
CVE-2023-52091
High Severity Description An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Read more at https://www.tenable.com/cve/CVE-2023-52091
NA - CVE-2023-52091 - An anti-spyware engine link following...
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first...
CVE-2023-52091
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. CVE-2023-52091 originally published on CyberSecurityBoard
TREND MICRO, INC. TREND MICRO APEX ONE TREND MICRO APEX ONE AS A SERVICE CVE-2023-52091 CVE-2023-52091 An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. https://www. cve.org/CVERecord?id=CVE-2023- 52091 https:// success.trendmicro.com/dcx/s/s olution/000296151?language=en_US https://www. zerodayinitiative.com/advisori es/ZDI-24-027/ # TrendMicro ,Inc. # TrendMicroApexOne # TrendMicroApexOneasaService # CVE_2023_52091 # bot
See 7 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI