Multiple vulnerabilities in Trend Micro Apex One

Published: 2022-11-09 | Updated: 2022-11-23

Risk	Medium
Patch available	YES
Number of vulnerabilities	8
CVE-ID	CVE-2022-44647 CVE-2022-44648 CVE-2022-44649 CVE-2022-44650 CVE-2022-44651 CVE-2022-44652 CVE-2022-44653 CVE-2022-44654
CWE-ID	CWE-125 CWE-787 CWE-119 CWE-362 CWE-755 CWE-22 CWE-254
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Apex One Client/Desktop applications / Antivirus software/Personal firewalls
Vendor	Trend Micro

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU69183

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44647

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A locla user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1617/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU69184

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44648

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A locla user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1618/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds write

EUVDB-ID: #VU69185

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44649

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Unauthorized Change Prevention service. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1619/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Buffer overflow

EUVDB-ID: #VU69186

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44650

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Unauthorized Change Prevention service. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1616/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Race condition

EUVDB-ID: #VU69187

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44651

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the Apex One Client Plug-in Service Manager. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1620/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper handling of exceptional conditions

EUVDB-ID: #VU69188

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44652

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of errors in Trend Micro Apex One Security Agent A local user can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1621/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Path traversal

EUVDB-ID: #VU69189

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-44653

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error within the Apex One Client Plug-in Service Manager. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1622/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Security features bypass

EUVDB-ID: #VU69190

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-44654

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to presence of a monitor engine component that is complied without the /SAFESEH memory protection mechanism, which helps to monitor for malicious payloads. A remote attacker can abuse this to perform a denial of service attack against the antimalware engine.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - Patch 6 B10048

CPE2.3

cpe:2.3:a:trend_micro:apex_one:CP 10071:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291770?language=en_US

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?