#VU71738 Improper Authorization in Apex One - CVE-2023-0587
Published: February 1, 2023 / Updated: February 9, 2023
Vulnerable software: Apex One
Vendor: Trend Micro
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing authorization when processing file uploads at the "/officescan/console/html/cgi/fcgiOfcDDA.exe" URL. A remote non-authenticated attacker can send a specially crafted HTTP PUT request with a malformed Content-Length header, upload an arbitrary number of large files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) and consume all available disk space, causing a denial of service condition.
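As an added detection example (not part of this advisory and not Trend Micro's code), the Python below scans web-server access lines for PUT traffic to the upload endpoint named above and flags clients whose PUT count or cumulative request body size exceeds a threshold. The log line format, client addresses, sizes and thresholds are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Upload endpoint named in the advisory for CVE-2023-0587.
TARGET_PATH = "/officescan/console/html/cgi/fcgiOfcDDA.exe"

# Constructed log format (assumption, not Apex One's own log layout): each line
# carries timestamp, client IP, request line, HTTP status and request body bytes.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<req_bytes>\d+)$'
)

# Constructed sample lines; hosts, times and sizes are made up for illustration.
SAMPLE_LOG = """\
2023-02-01T10:00:01Z 10.0.0.5 "PUT /officescan/console/html/cgi/fcgiOfcDDA.exe HTTP/1.1" 200 52428800
2023-02-01T10:00:02Z 10.0.0.5 "PUT /officescan/console/html/cgi/fcgiOfcDDA.exe HTTP/1.1" 200 52428800
2023-02-01T10:00:03Z 10.0.0.9 "GET /officescan/console/html/cgi/fcgiOfcDDA.exe HTTP/1.1" 200 0
2023-02-01T10:00:04Z 10.0.0.5 "PUT /officescan/console/html/cgi/fcgiOfcDDA.exe HTTP/1.1" 200 52428800
2023-02-01T10:00:05Z 10.0.0.7 "PUT /officescan/console/html/cgi/fcgiOfcDDA.exe HTTP/1.1" 200 1024
"""


def find_upload_abuse(log_text, max_bytes_per_client=100 * 1024 * 1024, max_puts_per_client=2):
    """Return {client: (put_count, total_request_bytes)} for clients whose PUT
    traffic to TARGET_PATH exceeds either the byte or the count threshold."""
    puts = defaultdict(lambda: [0, 0])  # client -> [put_count, total_bytes]
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "PUT" or m["path"] != TARGET_PATH:
            continue  # only PUT requests to the vulnerable upload endpoint matter
        entry = puts[m["client"]]
        entry[0] += 1
        entry[1] += int(m["req_bytes"])
    return {
        client: (count, total)
        for client, (count, total) in puts.items()
        if total > max_bytes_per_client or count > max_puts_per_client
    }


if __name__ == "__main__":
    for client, (count, total) in find_upload_abuse(SAMPLE_LOG).items():
        print(f"{client}: {count} PUTs, {total} bytes to {TARGET_PATH}")
```

Pairing this with a free-space alarm on the SampleSubmission directory gives a second signal that does not depend on the web server logging request sizes.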
Remediation
External links
- https://www.tenable.com/security/research/tra-2023-5
- https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_sp_b11564_EN_service_pack_Readme.html
- https://success.trendmicro.com/dcx/s/solution/000292183?language=en_US
- https://success.trendmicro.com/dcx/s/solution/000292209?language=en_US