CVE-2023-41179

7.2HIGH

Key Information

Status
Trend Micro Apex One
Trend Micro Worry-Free Business Security
Trend Micro Worry-Free Business Security Services
Vendor
CVE Published:
19 September 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-41179 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Trend Micro Apex One < 14.0.0.12380

Trend Micro Apex One < 14.0.12637

Trend Micro Worry-Free Business Security < 10.0 SP1 Build 2495

News Articles

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

Trend Micro has fixed a critical vulnerability (CVE-2023-41179) in its enterprise endpoint security products that is being exploited.

1 year ago

Refferences

EPSS Score

3% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • CISA Reported

  • First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database1 News Article(s)
.