https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>

Exploit
CVE-2023-52092

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jan 23, 2024 / Updated: 10mo ago

010
CVSS 7.8EPSS 0.05%High
CVE info copied to clipboard

Summary

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. The specific flaw exists within the Damage Cleanup Engine. By creating a junction, an attacker can abuse a driver to delete a file.

Impact

An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine with the highest level of privileges.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000296151

Mitigation

1. Apply the patch provided by Trend Micro as soon as possible. 2. Limit local access to systems running Trend Micro Apex One Security Agent to trusted users only. 3. Monitor for any suspicious activities or unauthorized privilege escalations on affected systems. 4. Implement the principle of least privilege to minimize the potential impact of successful exploits.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-52092. See article

Jan 11, 2024 at 8:03 AM / VulDB Recent Entries
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jan 11, 2024 at 8:04 AM
CVE Assignment

NVD published the first details for CVE-2023-52092

Jan 23, 2024 at 1:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jan 24, 2024 at 12:19 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379319)

Jan 24, 2024 at 10:15 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.6%)

Jan 31, 2024 at 4:57 PM
Static CVE Timeline Graph

Affected Systems

Trendmicro/apex_one
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-025/
+null more

Patches

success.trendmicro.com
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

Vendor Advisory

ZDI-24-025: Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-52092.

News

Multiple vulnerabilities in multiple Trend Micro products
Local privilege escalation due to a link following vulnerability - CVE-2023-52338 Apply the patch according to the information provided by the developer.
CVE-2023-52092
High Severity Description A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Read more at https://www.tenable.com/cve/CVE-2023-52092
NA - CVE-2023-52092 - A security agent link following vulnerability...
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain...
CVE-2023-52092
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. CVE-2023-52092 originally published on CyberSecurityBoard
TREND MICRO, INC. TREND MICRO APEX ONE TREND MICRO APEX ONE AS A SERVICE CVE-2023-52092 CVE-2023-52092 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. https://www. cve.org/CVERecord?id=CVE-2023- 52092 https:// success.trendmicro.com/dcx/s/s olution/000296151?language=en_US https://www. zerodayinitiative.com/advisori es/ZDI-24-025/ # TrendMicro ,Inc. # TrendMicroApexOne # TrendMicroApexOneasaService # CVE_2023_52092 # bot
See 6 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI