CVE-2023-34145Untrusted Search Path in Micro INC Trend Micro Apex ONE

CWE-426Untrusted Search Path3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedJun 26
Latest updateJun 27

Description

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.12518+1
CVEListV5trend_micro_inc/trend_micro_apex_one201914.0.0.12033

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-x952-q3gw-7jp6: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate t2023-06-27
CVEList
CVE-2023-34145: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate t2023-06-26
CVE-2023-34145 — Untrusted Search Path | cvebase