CVE-2023-34147Improper Privilege Management in Micro INC Trend Micro Apex ONE

CWE-269Improper Privilege ManagementCWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 77.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedJun 26
Latest updateJun 27

Description

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.12518+1
CVEListV5trend_micro_inc/trend_micro_apex_one201914.0.0.12033

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-jxvj-g7q4-jgq7: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escal2023-06-27
CVEList
CVE-2023-34147: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escal2023-06-26
CVE-2023-34147 — Improper Privilege Management | cvebase