Lays

**Nome do Software Vulnerável e Versões Afetadas** Apex One/SEP agent (versões afetadas não especificadas) **Descrição** Um erro de validação de origem no mecanismo de comunicação de proteção de processo permite que um invasor local escale privilégios. Para explorar este problema, o invasor deve primeiro ter a capacidade de executar código de baixo privilégio no sistema alvo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Apex One/SEP agent (versões afetadas não especificadas) **Descrição** Um erro de validação de origem no mecanismo de proteção de processo permite que um invasor local escale privilégios. Para explorar este problema, o invasor deve primeiro ter a capacidade de executar código de baixo privilégio no sistema alvo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Trend Micro TrendAI Apex One (versões afetadas não especificadas) TrendAI Apex One as a Service (versões afetadas não especificadas) **Descrição** Um problema de validação de origem no agente Apex One/SEP permite que um invasor local escale privilégios. Esta falha existe em um mecanismo de comunicação inter-processos, que é o método usado por diferentes processos para compartilhar dados. Para explorar isso, um invasor deve já ter a capacidade de executar código de baixo privilégio no sistema alvo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Trend Micro Apex One/SEP agent (versões afetadas não especificadas) **Descrição** Um erro de validação de origem no mecanismo de comunicação de named pipe do agente permite que um invasor local escale privilégios. Para explorar este problema, o invasor deve primeiro ter a capacidade de executar código de baixo privilégio no sistema alvo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Apex One/SEP agent (versões afetadas não especificadas) **Description** Um problema de validação de origem no agente pode permitir que um invasor local escale privilégios em instalações afetadas. Para explorar isso, um invasor deve primeiro ter a capacidade de executar código de baixo privilégio no sistema alvo. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Apex One/SEP agent (versões afetadas não especificadas) **Descrição** Um problema de time-of-check time-of-use (TOCTOU) existe no agente, o qual ocorre quando um programa verifica uma condição (como a existência ou permissões de um arquivo) e então usa o resultado dessa verificação, mas a condição muda entre a verificação e o uso. Isso pode permitir que um invasor local, que já possua a capacidade de executar código de baixo privilégio no sistema alvo, escale privilégios. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Trend Micro Apex One (versões afetadas não especificadas) **Descrição** Um erro de validação de origem poderia permitir que um invasor local aumentasse seus privilégios nas instalações afetadas. Para explorar essa vulnerabilidade, o invasor deve primeiro obter a capacidade de executar código com privilégios reduzidos no sistema alvo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Trend Micro Apex One (versões afetadas não especificadas) **Descrição** Uma vulnerabilidade em uma função perigosa exposta no agente do Trend Micro Apex One poderia permitir que um invasor local aumentasse seus privilégios nas instalações afetadas. Para explorar essa vulnerabilidade, o invasor deve primeiro obter a capacidade de executar código com privilégios reduzidos no sistema alvo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 Zyxel USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 Zyxel USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1 Zyxel USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 **Description** A format string vulnerability in the IPSec VPN feature could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer. However, such an attack would require detailed knowledge of an affected device’s memory layout and configuration. The vulnerability is related to the use of uncontrolled format strings. **Recommendations** For Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. As a temporary workaround, consider disabling the IPSec VPN feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One and Apex One as a Service (affected versions not specified) **Description** A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The issue is related to synchronization errors when using a shared resource. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions 4.32 through 5.37 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1 Zyxel USG FLEX 50(W) series versions 4.16 through 5.37 Patch 1 Zyxel USG20(W)-VPN series versions 4.16 through 5.37 Patch 1 Zyxel USG FLEX H series versions 1.10 through 1.10 Patch 1 **Description** A format string vulnerability could allow an authenticated IPSec VPN user to cause DoS conditions against the `deviceid` daemon by sending a crafted hostname to an affected device if it has the `Device Insight` feature enabled. This issue is related to the use of uncontrolled format strings in the `Device Insight` feature of the affected devices. **Recommendations** For Zyxel ATP series versions 4.32 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG FLEX 50(W) series versions 4.16 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG20(W)-VPN series versions 4.16 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For Zyxel USG FLEX H series versions 1.10 through 1.10 Patch 1, update to a version later than 1.10 Patch 1. As a temporary workaround, consider disabling the `Device Insight` feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1 ZyXEL USG FLEX 50(W)/USG20(W)-VPN versions 4.16 through 5.37 Patch 1 ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1 ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1 NWA50AX firmware versions through 6.29(ABYW.3) WAC500 firmware versions through 6.65(ABVS.1) WAX300H firmware versions through 6.60(ACHF.1) WBE660S firmware versions through 6.65(ACGG.1) **Description** The issue is related to a post-authentication command injection vulnerability in the file upload binary, allowing an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP. This can be achieved by exploiting the vulnerability in the file upload process, which does not properly neutralize special elements used in the command. **Recommendations** For ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For ZyXEL USG FLEX 50(W)/USG20(W)-VPN versions 4.16 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1, update to a version later than 1.10 Patch 1. For ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1, update to a version later than 5.37 Patch 1. For NWA50AX firmware versions through 6.29(ABYW.3), update to a version later than 6.29(ABYW.3). For WAC500 firmware versions through 6.65(ABVS.1), update to a version later than 6.65(ABVS.1). For WAX300H firmware versions through 6.60(ACHF.1), update to a version later than 6.60(ACHF.1). For WBE660S firmware versions through 6.65(ACGG.1), update to a version later than 6.65(ACGG.1). As a temporary workaround, consider restricting access to the FTP service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions 4.32 through 5.37 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1 **Description** A null pointer dereference issue in the Anti-Malware feature of Zyxel ATP and USG FLEX series firmware could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host. This issue is related to pointer dereference errors and can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Zyxel ATP series versions 4.32 through 5.37 Patch 1, consider disabling the `Anti-Malware` feature until a patch is available. For Zyxel USG FLEX series versions 4.50 through 5.37 Patch 1, consider disabling the `Anti-Malware` feature until a patch is available. As a temporary workaround, avoid using the `Anti-Malware` feature in the affected firmware versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series firmware versions 4.32 through 5.37 Zyxel USG FLEX series firmware versions 4.50 through 5.37 Zyxel USG FLEX 50(W) series firmware versions 4.16 through 5.37 Zyxel USG20(W)-VPN series firmware versions 4.16 through 5.37 Zyxel VPN series firmware versions 4.30 through 5.37 **Description** The issue is related to an integer overflow vulnerability in the QuickSec IPSec toolkit used in the VPN feature of various Zyxel devices. This vulnerability could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet. **Recommendations** For Zyxel ATP series firmware versions 4.32 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel USG FLEX series firmware versions 4.50 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel USG FLEX 50(W) series firmware versions 4.16 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel USG20(W)-VPN series firmware versions 4.16 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel VPN series firmware versions 4.30 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. As a temporary workaround, consider restricting access to the IKE packet handling functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to insufficient data authentication in the Trend Micro Apex One security agent, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. This vulnerability is similar to, but not identical to, another known issue. It enables local attackers to escalate privileges on affected installations of the Trend Micro Apex One Security Agent. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** A plug-in manager origin validation issue could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an origin validation vulnerability in the Trend Micro Apex One security agent, which could allow a local attacker to escalate privileges on affected installations. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an origin validation vulnerability in the Trend Micro Apex One security agent, which could allow a local attacker to escalate privileges on affected installations. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an origin validation vulnerability in the Trend Micro Apex One security agent, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an origin validation vulnerability in the Trend Micro Apex One security agent, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.