https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://success.trendmicro.com/solution/000296151 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. The specific flaw exists within the Damage Cleanup Engine. By creating a junction, an attacker can abuse a driver to delete a file.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine with the highest level of privileges.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.
Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000296151
1. Apply the patch provided by Trend Micro as soon as possible. 2. Limit local access to systems running Trend Micro Apex One Security Agent to trusted users only. 3. Monitor for any suspicious activities or unauthorized privilege escalations on affected systems. 4. Implement the principle of least privilege to minimize the potential impact of successful exploits.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2023-52092. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2023-52092
Feedly estimated the CVSS score as MEDIUM
Detection for the vulnerability has been added to Qualys (379319)
EPSS Score was set to: 0.05% (Percentile: 12.6%)