SB2021072811 - Multiple vulnerabilities in Trend Micro Apex One

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021072811

SB2021072811 - Multiple vulnerabilities in Trend Micro Apex One

Published: July 28, 2021

Security Bulletin ID SB2021072811
CSH Severity
Critical
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 25% High 25% Medium 25% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Incorrect default permissions (CVE-ID: CVE-2021-32464)

CWE-ID: CWE-276 - Incorrect Default Permissions

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can modify certain files and escalate privileges on the system.


2) Improper Preservation of Permissions (CVE-ID: CVE-2021-32465)

CWE-ID: -

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to unspecified error, related to preservation of access permissions. A remote authenticated user can bypass authentication process and gain unauthorized access to the system.


3) Arbitrary file upload (CVE-ID: CVE-2021-36741)

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red


The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the product’s management console . A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.


4) Buffer overflow (CVE-ID: CVE-2021-36742)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arability code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install update from vendor's website.

References