Lucene search

TrendmicroCVE-2023-41179

HistorySep 19, 2023 - 2:15 p.m.

CVE-2023-41179

2023-09-1914:15:21

CWE-94

trendmicro

web.nvd.nist.gov

219

In Wild

cve-2023-41179

3rd party

av uninstaller

trend micro

apex one

worry-free business security

saas

vulnerability

security

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.015

Percentile

86.9%

JSON

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

trendmicroapex_oneMatch2019

trendmicroapex_oneMatch2019saas

trendmicroworry-free_business_securityMatch10.0sp1

trendmicroworry-free_business_security_servicesMatch-saas

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
trendmicroapex_one2019cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
trendmicroapex_one2019cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*
trendmicroworry-free_business_security10.0cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
trendmicroworry-free_business_security_services-cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
trendmicro	apex_one	2019	cpe:2.3:a:trendmicro:apex_one:2019:::::::*
trendmicro	apex_one	2019	cpe:2.3:a:trendmicro:apex_one:2019::::saas:::
trendmicro	worry-free_business_security	10.0	cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1::::::
trendmicro	worry-free_business_security_services	-	cpe:2.3:a:trendmicro:worry-free_business_security_services:-::::saas:::

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "2019 (14.0)",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "14.0.0.12380"
      }
    ]
  },
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "SaaS\t",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "14.0.12637"
      }
    ]
  },
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Worry-Free Business Security",
    "versions": [
      {
        "version": "10.0 SP1",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "10.0 SP1 Build 2495"
      }
    ]
  },
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Worry-Free Business Security Services",
    "versions": [
      {
        "version": "SaaS",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "6.7.3578 / 14.3.1105 "
      }
    ]
  }
]