Arbitrary Command Execution in Trend Micro Apex One and Worry-Free Business Security
CVE-2023-41179
Key Information:
- Vendor
- Trend Micro
- Status
- Vendor
- CVE Published:
- 19 September 2023
Badges
Summary
A vulnerability exists in the third-party antivirus uninstaller module within Trend Micro Apex One and Worry-Free Business Security that allows an attacker with administrative console access to manipulate the module. This could enable the attacker to execute arbitrary commands on the compromised system, potentially leading to further exploitation or system compromise. It is essential for users of affected Trend Micro products to assess their security configurations and ensure they have appropriate access controls in place to mitigate this risk.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Trend Micro Apex One 2019 (14.0) < 14.0.0.12380
Trend Micro Apex One SaaS < 14.0.12637
Trend Micro Worry-Free Business Security 10.0 SP1 < 10.0 SP1 Build 2495
Get notified when SecurityVulnerability.io launches alerting ๐
Well keep you posted ๐ง
News Articles
Help Net SecurityCVE-2023-41179Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
Trend Micro has fixed a critical vulnerability (CVE-2023-41179) in its enterprise endpoint security products that is being exploited.
References
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
- ๐ฐ
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved