PT-2023-3204 · Trend Micro · Apex One As A Service+1

Lynn And Lays

Publicado

2023-06-06

Atualizado

2023-06-30

CVE-2023-34145

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One and Apex One as a Service (affected versions not specified)

Description The issue is related to an untrusted search path vulnerability in the security agent of Trend Micro Apex One and Apex One as a Service. This could allow a local attacker to escalate their privileges on affected installations, but the attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability enables a potential attacker to elevate their privileges and execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

BDU:2023-03324

CVE-2023-34145

ZDI-23-836

Produtos afetados

Apex One As A Service

Trend Micro Apex One

PT-2023-3204 · Trend Micro · Apex One As A Service+1

CVE-2023-34145

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9