
Exploit
CVE-2023-52325

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (CWE-98)

Published: Jan 23, 2024 / Updated: 10mo ago

CVSS 7.5 (High), EPSS 0.44%

Summary

This vulnerability affects Trend Micro Apex Central and allows remote attackers to execute arbitrary code on affected installations. The specific flaw exists within the getObjWGFServiceApiByApiName function, where there is a lack of proper validation of user-supplied data prior to passing it to a PHP include function. Authentication is required to exploit this vulnerability.
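
An added example, not Trend Micro's code and not from the original page: one way to keep a request-supplied API name from ever reaching a PHP include, the class of flaw (CWE-98) the summary describes. The function name `resolveApiHandler`, the handler map and the directory layout are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration; every name here is hypothetical, not Apex Central code.

/**
 * Map a request-supplied API name to a file that is safe to include.
 * $handlers is a fixed allowlist (name => file name) defined by the
 * application, never built from request data.
 */
function resolveApiHandler(string $apiName, string $baseDir, array $handlers): string
{
    // 1. The name is only a lookup key; it is never concatenated into a path.
    if (!array_key_exists($apiName, $handlers)) {
        throw new InvalidArgumentException('unknown API name');
    }

    // 2. Defence in depth: canonicalise and require the result to sit
    //    inside the handler directory (catches symlinks and bad map entries).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $handlers[$apiName]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('handler missing or outside handler directory');
    }
    return $path;
}

// Constructed demo: one real handler in a temp directory, then four names.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'handlers_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'status.php', "<?php return ['ok' => true];");
$allow = ['status' => 'status.php', 'stale' => 'removed.php'];

foreach (['status', 'stale', '../status', 'reports'] as $name) {
    try {
        $path = resolveApiHandler($name, $dir, $allow);
        $result = include $path;   // only ever reached with an allowlisted file
        echo $name, ' -> included, returned ', json_encode($result), PHP_EOL;
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo $name, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}

unlink($dir . DIRECTORY_SEPARATOR . 'status.php');
rmdir($dir);
```

Independently of this check, keeping PHP's `allow_url_include` setting off prevents `include` from fetching remote URLs.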

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of IUSR (Internet Information Services User). This means the attacker could potentially perform actions with the same privileges as the IUSR account, which may include accessing sensitive information, modifying data, or further compromising the system. The vulnerability has been assigned a CVSS v3 base score of 7.5 (High severity), with high impacts on confidentiality, integrity, and availability. The attack vector is network-based, requires no user interaction, but does have a high attack complexity and requires low-level privileges.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. Trend Micro has issued an update to correct this vulnerability. Users should apply the patch as soon as possible to mitigate the risk. The patch details and more information can be found at: https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US

Mitigation

1. Apply the patch provided by Trend Micro immediately.
2. Ensure that authentication mechanisms are robust and properly implemented.
3. Implement network segmentation to limit the potential impact if exploitation occurs.
4. Monitor for suspicious activities, especially those related to the IUSR account.
5. Keep Trend Micro Apex Central and all related systems up-to-date with the latest security patches.
6. Implement the principle of least privilege for all user accounts and services.
7. Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article
Feedly found the first article mentioning CVE-2023-52325.
Jan 11, 2024 at 8:03 AM / VulDB Recent Entries

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Jan 11, 2024 at 8:04 AM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (379296)
Jan 22, 2024 at 12:00 AM

CVE Assignment
NVD published the first details for CVE-2023-52325
Jan 23, 2024 at 1:15 PM

EPSS
EPSS Score was set to: 0.44% (Percentile: 72.3%)
Jan 31, 2024 at 3:13 PM

Affected Systems

Trendmicro/apex_central

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-024/

Patches

success.trendmicro.com

Attack Patterns

CAPEC-193: PHP Remote File Inclusion

Vendor Advisory

ZDI-24-024: Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Trend Micro has issued an update to correct this vulnerability.

News

CVE-2023-52325
High Severity. Description: A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. Read more at https://www.tenable.com/cve/CVE-2023-52325
NA - CVE-2023-52325 - A local file inclusion vulnerability in one of...
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this...
CVE-2023-52325
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. CVE-2023-52325 originally published on CyberSecurityBoard
TREND MICRO, INC. TREND MICRO APEX CENTRAL CVE-2023-52325 CVE-2023-52325 A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. https://www.cve.org/CVERecord?id=CVE-2023-52325 https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-024/ #TrendMicro,Inc. #TrendMicroApexCentral #CVE_2023_52325 #bot
CVE-2023-52325
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this...

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
