March 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Juniper Networks Products Vulnerabilities
January 12, 2024Rewterz Threat Advisory – ICS: Multiple Siemens Solid Edge Vulnerabilities
January 12, 2024Rewterz Threat Advisory – Multiple Juniper Networks Products Vulnerabilities
January 12, 2024Rewterz Threat Advisory – ICS: Multiple Siemens Solid Edge Vulnerabilities
January 12, 2024
Severity
High
Analysis Summary
CVE-2023-52094 CVSS:7
Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the product update mechanism. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2023-52093 CVSS:7.8
Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Apex One NT Listener service. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2023-52092 CVSS:7.8
Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Damage Cleanup Engine. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2023-52091 CVSS:7.8
Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Anti-Spyware Engine. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2023-52090 CVSS:7.8
Trend Micro Apex One and Apex One as a Service could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Anti-Spyware Engine. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-52094
- CVE-2023-52093
- CVE-2023-52092
- CVE-2023-52091
- CVE-2023-52090
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade or suggested workaround information.