CVE-2023-41179

2023-09-1913:44:57

trendmicro

github.com

vulnerability

trend micro

arbitrary command execution

av uninstaller module

manipulate

administrative

console access

AI Score

7.6

Confidence

Low

EPSS

0.015

Percentile

86.9%

SSVC

Exploitation

active

Automatable

Technical Impact

total

JSON

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*"
    ],
    "vendor": "trendmicro",
    "product": "apex_one",
    "versions": [
      {
        "status": "affected",
        "version": "2019"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*"
    ],
    "vendor": "trendmicro",
    "product": "worry-free_business_security",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*"
    ],
    "vendor": "trendmicro",
    "product": "worry-free_business_security_services",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*"
    ],
    "vendor": "trendmicro",
    "product": "apex_one",
    "versions": [
      {
        "status": "affected",
        "version": "2019"
      }
    ],
    "defaultStatus": "unknown"
  }
]