Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (CWE-98)
This vulnerability affects Trend Micro Apex Central and allows remote attackers to execute arbitrary code on affected installations. The specific flaw exists within the getObjWGFServiceApiByApiName function, where there is a lack of proper validation of user-supplied data prior to passing it to a PHP include function. Authentication is required to exploit this vulnerability.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of IUSR (Internet Information Services User). This means the attacker could potentially perform actions with the same privileges as the IUSR account, which may include accessing sensitive information, modifying data, or further compromising the system. The vulnerability has been assigned a CVSS v3 base score of 7.5 (High severity), with high impacts on confidentiality, integrity, and availability. The attack vector is network-based and no user interaction is required, but attack complexity is high and low-level privileges are required.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
A patch is available. Trend Micro has issued an update to correct this vulnerability. Users should apply the patch as soon as possible to mitigate the risk. The patch details and more information can be found at: https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
1. Apply the patch provided by Trend Micro immediately.
2. Ensure that authentication mechanisms are robust and properly implemented.
3. Implement network segmentation to limit the potential impact if exploitation occurs.
4. Monitor for suspicious activities, especially those related to the IUSR account.
5. Keep Trend Micro Apex Central and all related systems up-to-date with the latest security patches.
6. Implement the principle of least privilege for all user accounts and services.
7. Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2023-52325.
Feedly estimated the CVSS score as HIGH
Detection for the vulnerability has been added to Qualys (379296)
NVD published the first details for CVE-2023-52325
EPSS Score was set to: 0.44% (Percentile: 72.3%)