Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Juniper Networks Products Vulnerabilities
January 12, 2024
Rewterz
Rewterz Threat Advisory – ICS: Multiple Siemens Solid Edge Vulnerabilities
January 12, 2024

Rewterz Threat Advisory – Multiple Trend Micro Apex One and Apex One Zero Day Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-52094 CVSS:7

Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the product update mechanism. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.

CVE-2023-52093 CVSS:7.8

Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Apex One NT Listener service. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.

CVE-2023-52092 CVSS:7.8

Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Damage Cleanup Engine. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.

CVE-2023-52091 CVSS:7.8

Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Anti-Spyware Engine. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.

CVE-2023-52090 CVSS:7.8

Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Anti-Spyware Engine. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.

Impact

  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-52094
  • CVE-2023-52093
  • CVE-2023-52092
  • CVE-2023-52091
  • CVE-2023-52090

Affected Vendors

Trend Micro

Affected Products

  • Trend Micro Apex One On Premise (2019)
  • Trend Micro Apex One as a Service

Remediation

Refer to Trend Micro Security Advisory for patch, upgrade or suggested workaround information.

Trend Micro Security Advisory