Multiple vulnerabilities in Trend Micro Apex One



Published: 2020-08-31 | Updated: 2021-04-22
Risk: Low
Patch available: Yes
Number of vulnerabilities: 5
CVE-ID: CVE-2020-24556, CVE-2020-24559, CVE-2020-24558, CVE-2020-24557, CVE-2020-24562
CWE-ID: CWE-65, CWE-125, CWE-284
Exploitation vector: Local
Public exploit: Vulnerability #4 is being exploited in the wild.
Vulnerable software: Apex One
Software category: Client/Desktop applications / Antivirus software / Personal firewalls
Vendor: Trend Micro

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

Updated: 22.04.2021

Updated the CVSS score of vulnerability #4 to reflect its in-the-wild exploitation and added a link to the vendor's advisory.

1) Windows Hard Link

EUVDB-ID: #VU46135

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24556

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because Windows improperly handles hard links within the Apex One Security Agent. A local user can create a hard link and abuse the service to overwrite the contents of a chosen file, gaining elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1093/
http://success.trendmicro.com/solution/000263632


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Windows Hard Link

EUVDB-ID: #VU46138

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24559

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because Windows improperly handles hard links within the Apex One Security Agent. A local user can create a hard link and abuse the service to overwrite the contents of a chosen file, gaining elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1096/
http://success.trendmicro.com/solution/000263632


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU46137

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24558

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within OfcPIPC_64x.dll. A local user can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1095/
http://success.trendmicro.com/solution/000263632


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU46136

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-24557

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the Apex One Security Agent. A local user can manipulate a particular product folder to temporarily disable protection and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1094/
http://success.trendmicro.com/solution/000263632
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4126


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Windows Hard Link

EUVDB-ID: #VU52480

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24562

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because Windows improperly handles hard links within the Apex One Security Agent. A local user can create a hard link and abuse the service to overwrite the contents of a chosen file, gaining elevated privileges.

Mitigation

Install updates from vendor's website.
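Vulnerabilities #1, #2 and #5 share one primitive: a file name inside the agent's folder that is a hard link to a file elsewhere, so a privileged write by the service lands on the linked file. The following added check (written for this bulletin, not Trend Micro's code or the advisory's) lists hard-linked files under a directory tree and highlights names that point outside it; it assumes Windows PowerShell with `fsutil` available, and `$AgentDir` is a placeholder to be replaced with the real Security Agent folder on the host.

```powershell
# Added example, not part of the advisory or of Trend Micro's software.
# Reports files under a directory tree that carry more than one NTFS name (hard links)
# and shows the other names; a name outside the tree is the CWE-65 pattern described above.
# $AgentDir is an assumed placeholder for the Apex One Security Agent folder.
param([string]$AgentDir = 'C:\PLACEHOLDER\Trend Micro\Security Agent')

$root   = (Resolve-Path -LiteralPath $AgentDir).ProviderPath.TrimEnd('\')
$volume = [System.IO.Path]::GetPathRoot($root).TrimEnd('\')   # e.g. C:

$findings = foreach ($file in Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue) {
    # PowerShell marks a file that has more than one name as LinkType 'HardLink'.
    if ($file.LinkType -ne 'HardLink') { continue }

    # fsutil prints every name of the file as a volume-relative path, one per line.
    $names = fsutil hardlink list $file.FullName 2>$null |
        Where-Object { $_ } | ForEach-Object { $volume + $_.Trim() }

    # Names outside the scanned tree matter most: a privileged write to Path also changes them.
    $outside = @($names | Where-Object {
        -not $_.StartsWith($root + '\', [System.StringComparison]::OrdinalIgnoreCase)
    })

    [pscustomobject]@{
        Path          = $file.FullName
        LinkCount     = @($names).Count
        OutsideTree   = ($outside -join '; ')
        LastWriteTime = $file.LastWriteTime
    }
}

if ($findings) {
    $findings | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
} else {
    "No hard-linked files under $root"
}
```

A non-empty OutsideTree column on a recently created entry is the signal worth investigating; on a patched agent the output should normally be empty.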

Vulnerable software versions

Apex One: 2019

External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1093/
http://success.trendmicro.com/solution/000263632


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
