Trend Micro warns of various vulnerabilities, including a remote code execution (RCE) vulnerability, in its security solution Trend Micro Apex One. This vulnerability in the endpoint security solution is said to be already exploited. However, Trend Micro has released an update to its software that addresses the vulnerability. Administrators using Trend Micro Apex One should update this software in a timely manner.
Trend Micro has released the critical September 2022 Security Bulletin for Trend Micro Apex One with details as of September 13.
- CVE-2022-40139: Improper Validation of Rollback Mechanism Components RCE Vulnerability; Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package. This could be exploited for remote code execution.
- CVE-2022-40140: Origin Validation Error Denial-of-Service Vulnerability; An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial of service on affected installations. However, an attacker must first gain the ability to execute low-privileged code on the target system to do so.
- CVE-2022-40141: Information Disclosure Vulnerability; A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decrypt certain communication strings that could contain some identification attributes of a specific Apex One server.
- CVE-2022-40142: Agent Link Following Local Privilege Escalation Vulnerability; A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. An attacker must first gain the ability to execute low-privileged code on the target system to exploit this vulnerability.
- CVE-2022-40143: Link Following Local Privilege Escalation Vulnerability; A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to exploit an insecure directory that could allow a low-privilege user to execute arbitrary code with elevated privileges. An attacker must first gain the ability to execute low-privilege code on the target system to exploit this vulnerability.
- CVE-2022-40144: Login Authentication Bypass Vulnerability; A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by forging request parameters on affected installations.
To exploit this type of vulnerability, an attacker typically must have access (physical or remote) to a vulnerable machine. However, Trend Micro has already observed at least one active attack attempt against one of these vulnerabilities in the wild. The vulnerabilities are rated with CVSS 3.0 scores ranging from 5.5 to 8.2. Apex One 2019 (on-prem) and Apex One SaaS for Windows are affected. Trend Micro has released the following patches to address these issues:
- Apex One SP1 (b11092/11088), Readme
- Apex One (SaaS) August 2022 Monthly Patch (202208), Readme
Regarding the Monthly Patch, some of the vulnerabilities listed were fixed in previous monthly SaaS updates. However, Trend Micro recommends that Apex One as a Service customers always use the latest available build to ensure that all issues are properly addressed. In addition to applying patches and updated solutions in a timely manner, customers are advised to review remote access to critical systems and ensure policies and perimeter security are up to date.