Arbitrary file deletion vulnerability in Trend Micro Apex One



Published: 2022-12-05 | Updated: 2022-12-28
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-45797
CVE-2022-45798
CWE-ID CWE-36
CWE-59
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Apex One
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Trend Micro

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Absolute Path Traversal

EUVDB-ID: #VU69908

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-45797

CWE-ID: CWE-36 - Absolute Path Traversal

Exploit availability: Yes

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to an absolute path traversal error within the Damage Cleanup Engine component. A local user can delete arbitrary files on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: 2019 - SP1 b11128


CPE2.3

External links

http://success.trendmicro.com/dcx/s/solution/000291830?language=en_US
http://i.blackhat.com/EU-22/Wednesday-Briefings/EU-22-Yair-Aikido-Turning-EDRs-to-Malicious-Wipers.pdf

Q & A

Can this vulnerability be exploited remotely?

Is there known malware which exploits this vulnerability?

2) Link following

EUVDB-ID: #VU69909

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-45798

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to an insecure symlink following issue in the Damage Cleanup Engine component. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Apex One: 2019 - SP1 b11128


CPE2.3

External links

http://success.trendmicro.com/dcx/s/solution/000291830?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1665/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware which exploits this vulnerability?
