Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2022-41744, CVE-2022-41749, CVE-2022-41745, CVE-2022-41746, CVE-2022-41747, CVE-2022-41748 |
CWE-ID | CWE-367, CWE-20, CWE-125, CWE-862, CWE-295, CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Apex One (Client/Desktop applications / Antivirus software/Personal firewalls) |
Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU68064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41744
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Vulnerability Protection Service. A local user can turn a specific working directory into a mount point on affected installations and escalate privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: Patch 1 b2087 - CP 11092
https://success.trendmicro.com/dcx/s/solution/000291645
https://www.zerodayinitiative.com/advisories/ZDI-22-1404/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68065
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41749
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an origin validation error within the NT Listener service. A local user can execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: Patch 1 b2087 - CP 11092
https://success.trendmicro.com/dcx/s/solution/000291645
https://www.zerodayinitiative.com/advisories/ZDI-22-1400/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68066
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41745
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the NT Listener service. A local user can trigger an out-of-bounds read and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: Patch 1 b2087 - CP 11092
https://success.trendmicro.com/dcx/s/solution/000291645
https://www.zerodayinitiative.com/advisories/ZDI-22-1401/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68067
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41746
CWE-ID: CWE-862 - Missing Authorization
Exploit availability: No
Description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to missing authorization within the Apex One web console. A remote authenticated user can bypass authorization and gain write access to server configuration via a specific URL. Successful exploitation of the vulnerability may allow an attacker to reconfigure the server and associated endpoint agents.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: Patch 1 b2087 - CP 11092
https://success.trendmicro.com/dcx/s/solution/000291645
https://www.zerodayinitiative.com/advisories/ZDI-22-1403/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68068
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41747
CWE-ID: CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper certificate validation in the Client Plug-in Service Manager when handling signed DLLs. A local administrator can bypass certain elements of the product's anti-tampering mechanisms and load a malicious DLL.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: Patch 1 b2087 - CP 11092
https://success.trendmicro.com/dcx/s/solution/000291645
https://www.zerodayinitiative.com/advisories/ZDI-22-1402/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68069
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41748
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Data Loss Prevention (DLP) module. A local privileged user can bypass certain elements of the product's anti-tampering mechanisms and escalate privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: Patch 1 b2087 - CP 11092
https://success.trendmicro.com/dcx/s/solution/000291645
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.