CVE-2023-41179
Key Information
- Vendor: Trend Micro
- Status
- Trend Micro Apex One
- Trend Micro Worry-Free Business Security
- Trend Micro Worry-Free Business Security Services
- CVE Published: 19 September 2023
Summary
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-41179 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Trend Micro Apex One < 14.0.0.12380
Trend Micro Apex One < 14.0.12637
Trend Micro Worry-Free Business Security < 10.0 SP1 Build 2495
News Articles
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
Trend Micro has fixed a critical vulnerability (CVE-2023-41179) in its enterprise endpoint security products that is being exploited.
1 year ago
References
EPSS Score
3% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- Exploit known to exist
- CISA Reported
- First article discovered by Help Net Security
- Vulnerability published
- Vulnerability Reserved