https://success.trendmicro.com/dcx/s/solution/000298063?language=en_US

Exploit
CVE-2024-36306

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jun 10, 2024 / Updated: 5mo ago

CVSS 5.5 / EPSS 0.05% / Medium

Summary

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Impact

This vulnerability could lead to a denial-of-service condition on affected Trend Micro Apex One and Apex One as a Service installations. The CVSS v3.1 score is 6.1 (Medium), with the following impact breakdown: Integrity Impact: Low, Availability Impact: High, Confidentiality Impact: None. The attack vector is local, requiring low privileges and no user interaction.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

The vulnerability data does not provide specific information about available patches.

Mitigation

While specific mitigation steps are not provided in the vulnerability data, general best practices would include:

1. Limit local access to systems running Trend Micro Apex One and Apex One as a Service.
2. Monitor for and restrict the execution of low-privileged code on affected systems.
3. Keep the Trend Micro Apex One and Apex One as a Service software updated to the latest version.
4. Follow the principle of least privilege for user accounts on affected systems.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-36306.

Jun 6, 2024 at 3:18 PM / ZDI Published Advisories
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 6, 2024 at 3:18 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379929)

Jun 10, 2024 at 7:53 AM
CVE Assignment

NVD published the first details for CVE-2024-36306

Jun 10, 2024 at 10:15 PM
CVSS

A CVSS base score of 6.1 has been assigned.

Jun 10, 2024 at 10:20 PM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.1%)

Jun 11, 2024 at 1:55 PM
CVSS

A CVSS base score of 5.5 has been assigned.

Oct 4, 2024 at 5:30 PM / nvd

Affected Systems

Trendmicro/apex_one

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-568/

Links to Mitre Att&cks

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

Vendor Advisory

ZDI-24-568: Trend Micro Apex One Damage Cleanup Engine Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

References

SECURITY BULLETIN: May 2024 Security Bulletin for Trend Micro Apex One
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations.

News

Multiple vulnerabilities in multiple Trend Micro products
Local privilege escalation due to a link following vulnerability (CVE-2024-36305) Update the software to the latest version according to the information provided by Trend Micro Incorporated.
Multiple vulnerabilities in multiple Trend Micro products
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
NA - CVE-2024-36306 - A link following vulnerability in the Trend...
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected...
CVE-2024-36306 - A link following vulnerability in the Trend Micro
CVE ID: CVE-2024-36306. Published: June 10, 2024, 10:15 p.m. Description: A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Severity: 6.1

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
