PT-2022-4842 · Trend Micro · Trend Micro Apex One As A Service+1

Abdelhamid Naceri

Published

2022-03-04

Updated

2022-09-21

CVE-2022-40143

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified)

Description A link following local privilege escalation issue could allow a local attacker to abuse an insecure directory, enabling a low-privileged user to run arbitrary code with elevated privileges. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. The vulnerability is related to the Local Web Classification Server Service (LWCS) and involves incorrect link resolution before file access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2022-05902

CVE-2022-40143

ZDI-22-1191

Affected Products

Trend Micro Apex One

Trend Micro Apex One As A Service

PT-2022-4842 · Trend Micro · Trend Micro Apex One As A Service+1

CVE-2022-40143

Weakness Enumeration

Related Identifiers

Affected Products

References · 10