Lucene search

[email protected]NVD:CVE-2023-25147

HistoryMar 10, 2023 - 9:15 p.m.

CVE-2023-25147

2023-03-1021:15:15

CWE-427

[email protected]

web.nvd.nist.gov

trend micro

apex one

administrative rights

dll

update process

exploit

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

13.3%

JSON

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process.

Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.

Affected configurations

Nvd

Node

trendmicroapex_oneRange<14.0.11960saas

trendmicroapex_oneMatch2019-

AND

microsoftwindowsMatch-

VendorProductVersionCPE
trendmicroapex_one*cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*
trendmicroapex_one2019cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	apex_one	*	cpe:2.3:a:trendmicro:apex_one:::::saas:::*
trendmicro	apex_one	2019	cpe:2.3:a:trendmicro:apex_one:2019:-::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

success.trendmicro.com/solution/000292209

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

13.3%

JSON

Related for NVD:CVE-2023-25147

cve1 cvelist1 prion1 nessus1