Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. The specific flaw exists within the Apex One NT RealTime Scan service. By creating a junction, an attacker can abuse the service to create arbitrary files. This vulnerability requires the attacker to first obtain the ability to execute low-privileged code on the target system.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine, potentially leading to data theft, further lateral movement within the network, or use of the compromised system as a launching point for additional attacks.
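The flaw class described above (CWE-59), shown as an added example that is not Trend Micro's code and not part of the original advisory: a path-based write that follows a link planted in a working directory, next to a handle-based write that refuses it. It uses POSIX symlinks as a stand-in for NTFS junctions so it runs without Windows; the function names and the `work` and `protected` directories are constructed for illustration.

```python
import os
import tempfile


def write_following_links(work_dir, name, data):
    """Weak pattern: a path-based open resolves any link in work_dir."""
    path = os.path.join(work_dir, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return os.path.realpath(path)  # where the bytes actually landed


def write_refusing_links(work_dir, name, data):
    """Hardened pattern: pin the directory by handle and refuse links."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    # O_NOFOLLOW makes open() fail when work_dir itself is a link.
    # Only the final component is checked, so parents must be service-owned.
    dir_fd = os.open(work_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # Create relative to the pinned handle; O_EXCL rejects a file or
        # link that was planted under this name beforehand.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    finally:
        os.close(dir_fd)
    return os.path.join(work_dir, name)


def demo():
    """Constructed scenario: 'protected' is a location only the service should write."""
    root = os.path.realpath(tempfile.mkdtemp())
    protected = os.path.join(root, "protected")
    os.mkdir(protected)
    work = os.path.join(root, "work")
    os.symlink(protected, work)  # working directory replaced by a link
    landed = write_following_links(work, "scan.tmp", b"x")
    try:
        write_refusing_links(work, "scan2.tmp", b"x")
        refused = False
    except OSError:
        refused = True
    return landed.startswith(protected), refused, sorted(os.listdir(protected))


if __name__ == "__main__":
    print(demo())
```

On Windows the corresponding check is to open the directory with `FILE_FLAG_OPEN_REPARSE_POINT` and reject handles whose attributes include `FILE_ATTRIBUTE_REPARSE_POINT` before writing.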
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
1. Apply the security update provided by Trend Micro as soon as possible.
2. Implement the principle of least privilege to minimize the number of users with low-level access that could be exploited.
3. Monitor for suspicious activities, especially those related to the Apex One NT RealTime Scan service.
4. Implement robust access controls and network segmentation to limit the potential impact of a successful exploit.
5. Keep all systems and software up-to-date with the latest security patches.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2024-36305.
Feedly estimated the CVSS score as MEDIUM
Detection for the vulnerability has been added to Qualys (379929)
NVD published the first details for CVE-2024-36305
A CVSS base score of 7.8 has been assigned.
EPSS Score was set to: 0.05% (Percentile: 16.1%)