Lucene search
Simon Zuckerbraun - Trend Micro Zero Day InitiativeZDI-22-1400HistoryOct 07, 2022 - 12:00 a.m.
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
2022-10-0700:00:00
Simon Zuckerbraun - Trend Micro Zero Day Initiative
www.zerodayinitiative.com
6
trend micro
apex one
origin validation
privilege escalation
security agent
nt listener service
arbitrary code
system
insufficient validation
EPSS
0
Percentile
15.9%
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One NT Listener service. The issue results from insufficient validation of the origin of commands. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cvelist
cvelist
CVE-2022-41749
2022-10-10 00:00:00
prion
prion
Input validation
2022-10-10 21:15:00
cve
cve
CVE-2022-41749
2022-10-10 21:15:12
cnvd
cnvd
Trend Micro Apex One Access Control Error Vulnerability (CNVD-2022-69152)
2022-10-11 00:00:00
nvd
nvd
CVE-2022-41749
2022-10-10 21:15:12