Multiple vulnerabilities in Trend Micro Apex One



Updated: 2022-09-14
Risk: High
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2022-40139, CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143, CVE-2022-40144
CWE-ID: CWE-345, CWE-310, CWE-59, CWE-287
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software: Apex One (Client/Desktop applications / Antivirus software/Personal firewalls)
Vendor: Trend Micro

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Insufficient verification of data authenticity

EUVDB-ID: #VU67207

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-40139

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper input validation within the rollback functionality. A remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system.

Note: the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: CP B2049 - 2019

External links

http://success.trendmicro.com/jp/solution/000291471
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU67208

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40140

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a source validation error within the Apex One NT Listener service. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: CP B2049 - 2019

External links

http://success.trendmicro.com/jp/solution/000291471
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
http://www.zerodayinitiative.com/advisories/ZDI-22-1189/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cryptographic issues

EUVDB-ID: #VU67209

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40141

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an unspecified error related to data transport. A remote attacker can decrypt certain communication with the application and gain access to sensitive information.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: CP B2049 - 2019

External links

http://success.trendmicro.com/jp/solution/000291471
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Link following

EUVDB-ID: #VU67210

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40142

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following. A local user can create a specially crafted link on the system and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: CP B2049 - 2019

External links

http://success.trendmicro.com/jp/solution/000291471
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
http://www.zerodayinitiative.com/advisories/ZDI-22-1190/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Link following

EUVDB-ID: #VU67211

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40143

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link on the system and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: CP B2049 - 2019

External links

http://success.trendmicro.com/jp/solution/000291471
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
http://www.zerodayinitiative.com/advisories/ZDI-22-1191/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Authentication

EUVDB-ID: #VU67212

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40144

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and gain unauthorized access to the application.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: CP B2049 - 2019

External links

http://success.trendmicro.com/jp/solution/000291471
http://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


