SB2021072811 - Multiple vulnerabilities in Trend Micro Apex One

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Incorrect default permissions (CVE-ID: CVE-2021-32464)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can modify certain files and escalate privileges on the system.

2) Improper Preservation of Permissions (CVE-ID: CVE-2021-32465)

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to unspecified error, related to preservation of access permissions. A remote authenticated user can bypass authentication process and gain unauthorized access to the system.

3) Arbitrary file upload (CVE-ID: CVE-2021-36741)

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the product’s management console . A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

4) Buffer overflow (CVE-ID: CVE-2021-36742)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arability code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

• https://success.trendmicro.com/solution/000287819
• https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_en_criticalpatch_b9601_EN_Readme.html