CVE-2023-30902Incorrect Default Permissions in Micro INC Trend Micro Apex ONE

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedJun 26
Latest updateJun 27

Description

A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.12105+1
CVEListV5trend_micro_inc/trend_micro_apex_one201914.0.0.12024

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-698x-9q5v-3fpq: A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delet2023-06-27
CVEList
CVE-2023-30902: A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delet2023-06-26
CVE-2023-30902 — Incorrect Default Permissions | cvebase