PT-2023-23854 · Trend Micro · Trend Micro Mobile Security
Poh Jia Hao · Published 2023-05-12 · Updated 2024-08-23
CVE-2023-32523
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trend Micro Mobile Security (Enterprise) version 9.8 SP5
Trend Micro Mobile Security (Enterprise) versions from 9.8 SP5 up to, but not including, Critical Patch 3
Description
The issue allows a remote user to bypass authentication and potentially chain it with other vulnerabilities to achieve further exploitation. An attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability is related to widgets in the software that can be exploited for unauthenticated remote code execution.
Recommendations
For Trend Micro Mobile Security (Enterprise) version 9.8 SP5, apply Critical Patch 3 to resolve the issue.
For versions prior to the application of Critical Patch 3, update to a version that includes Critical Patch 3 or later to mitigate the risk.
As a temporary workaround, consider restricting access to the widgets that allow authentication bypass until a patch is applied.
Fix
Weakness Enumeration
Improper Authentication
Affected Products
Trend Micro Mobile Security