CVE-2021-36742
Published 2021-07-29
CVE-2021-36742: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a…
Priority P180 · high · 7.8 · CVSS 3.1
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV) · due 2021-11-17
Exploited in the wild (ITW)
EPSS: 1.48% (70.7th percentile)
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_apex_one | — | — |
| trend_micro | trend_micro_officescan | — | — |
| trend_micro | trend_micro_worry-free_business_security | — | — |
| trendmicro | apex_one | — | — |
| trendmicro | officescan | — | — |
| trendmicro | officescan_business_security | — | — |
| trendmicro | worry-free_business_security | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is a local privilege escalation via improper input validation; monitor for low-privileged processes spawning high-privileged child processes on hosts running Trend Micro Apex One, Apex One as a Service, OfficeScan XG, or Worry-Free Business Security 10.0 SP1
- Refer to Trend Micro advisory solution 000287819 for Apex One / Apex One as a Service patch details to confirm patched vs. unpatched asset state
- Refer to Trend Micro advisory solution 000287820 for Worry-Free Business Security patch details to confirm patched vs. unpatched asset state
- Exploitation requires the attacker to already have low-privileged code execution on the target; this is a local privilege escalation, not a remote code execution vector — network-based detections alone are insufficient
- Affected products span multiple product lines (Apex One, Apex One as a Service, OfficeScan XG, Worry-Free Business Security 10.0 SP1); detection and patching scope must cover all variants
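CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |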
GHSA
GHSA-h3hj-ff5j-498h: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10
ghsa_unreviewed·2022-05-24
CVE-2021-36742 [HIGH] CWE-20 GHSA-h3hj-ff5j-498h: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
VulnCheck
Trend Micro Multiple Products Improper Input Validation Vulnerability
vulncheck·2021·CVSS 7.8
CVE-2021-36742 [HIGH] CWE-20 Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Affected: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security
Required Action: Apply updates per vendor instructions.
Exploitation References: https://therecord.media/hackers-tried-to-exploit-two-zero-days-in-trend-micros-apex-one-edr-platform; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
CISA
Trend Micro Multiple Products Improper Input Validation Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2021-36742 [HIGH] CWE-20 Trend Micro Multiple Products Improper Input Validation Vulnerability
Vulnerability: Trend Micro Multiple Products Improper Input Validation Vulnerability
Affected: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742
Remediation Due Date: 2021-11-17
No detection rules found.
No public exploits indexed.
Tenable
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
blogs_tenable·2022-09-14·CVSS 7.2
[HIGH] CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
- https://success.trendmicro.com/jp/solution/000287796
- https://success.trendmicro.com/jp/solution/000287815
- https://success.trendmicro.com/solution/000287819
- https://success.trendmicro.com/solution/000287820
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36742
- 2021-07-29: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild