Multiple vulnerabilities in Trend Micro Worry-Free Business Security



Published: 2023-03-15
Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2022-45797, CVE-2023-25144, CVE-2023-25145, CVE-2023-25146, CVE-2023-25147, CVE-2023-25148
CWE-ID: CWE-36, CWE-284, CWE-59, CWE-345
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
Worry-Free Business Security
Client/Desktop applications / Software for system administration

Vendor: Trend Micro

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Absolute Path Traversal

EUVDB-ID: #VU69908

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-45797

CWE-ID: CWE-36 - Absolute Path Traversal

Exploit availability: Yes

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to an error within the Damage Cleanup Engine component. A local user can delete arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2454

External links

http://success.trendmicro.com/dcx/s/solution/000292454?language=en_US


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Improper access control

EUVDB-ID: #VU72093

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25144

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in the Trend Micro Apex One agent. A local user can create arbitrary directories with arbitrary ownership and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2454

External links

http://success.trendmicro.com/dcx/s/solution/000292454?language=en_US


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Link following

EUVDB-ID: #VU72094

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25145

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following within the NT Apex One RealTime Scan Service. A local user can create a specially crafted link to a critical file on the system and escalate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2454

External links

http://success.trendmicro.com/dcx/s/solution/000292454?language=en_US


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Link following

EUVDB-ID: #VU72095

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25146

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following within the Apex One NT RealTime Scan service. A local user can create a specially crafted link to a critical file on the system and escalate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2454

External links

http://success.trendmicro.com/dcx/s/solution/000292454?language=en_US


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insufficient verification of data authenticity

EUVDB-ID: #VU72096

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25147

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient verification of data authenticity. A local user with administrative privileges can inject a specially crafted .DLL file during the update process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2454

External links

http://success.trendmicro.com/dcx/s/solution/000292454?language=en_US


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Link following

EUVDB-ID: #VU72097

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25148

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following in the security agent. A local user can create a specially crafted link to a critical file on the system and escalate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2454

External links

http://success.trendmicro.com/dcx/s/solution/000292454?language=en_US


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


