Multiple vulnerabilities in Trend Micro Apex One



Published: 2020-08-31 | Updated: 2021-04-22
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2020-24556
CVE-2020-24559
CVE-2020-24558
CVE-2020-24557
CVE-2020-24562
CWE-ID CWE-65
CWE-125
CWE-284
Exploitation vector Local
Public exploit Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe
Apex One
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Trend Micro

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

Updated: 22.04.2021

Updated CVSS score of vulnerability #4 to reflect its in-the-wild exploitation, added additional link to vendors advisory.

1) Windows Hard Link

EUVDB-ID: #VU46135

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24556

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Windows improperly handles hard links within the ApexOne Security Agent. A local user can create a hard link and abuse the service to overwrite the contents of a chosen file, leading to an elevated status.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1093/
http://success.trendmicro.com/solution/000263632

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Windows Hard Link

EUVDB-ID: #VU46138

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24559

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Windows improperly handles hard links within the ApexOne Security Agent. A local user can create a hard link and abuse the service to overwrite the contents of a chosen file, leading to an elevated status.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1096/
http://success.trendmicro.com/solution/000263632

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU46137

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24558

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within OfcPIPC_64x.dll. A local user can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1095/
http://success.trendmicro.com/solution/000263632

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU46136

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-24557

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the ApexOne Security Agent. A local user can manipulate a particular product folder to disable the security temporarily and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1094/
http://success.trendmicro.com/solution/000263632
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4126

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Windows Hard Link

EUVDB-ID: #VU52480

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24562

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Windows improperly handles hard links within the ApexOne Security Agent. A local user can create a hard link and abuse the service to overwrite the contents of a chosen file, leading to an elevated status.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019

CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-1093/
http://success.trendmicro.com/solution/000263632

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###