March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Apple macOS Big Sur Vulnerabilities
February 17, 2022Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
February 17, 2022Rewterz Threat Advisory – Multiple Apple macOS Big Sur Vulnerabilities
February 17, 2022Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
February 17, 2022
Severity
High
Analysis Summary
CVE-2022-24680
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NT Apex One RealTime Scan Service. By creating a mount point to delete arbitrary folder, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2022-24679
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NT Apex One RealTime Scan Service. By creating a DOS device redirection, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2022-24678
Trend Micro Apex One is vulnerable to a denial of service, caused by a flaw in the logging of requests received on the management port. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to flood a temporary log location and consume all disk space, and results in a denial of service condition.
CVE-2022-24671
Trend Micro Antivirus for Mac could allow a local authenticated attacker to gain elevated privileges on the system, caused by a link following flaw in the program_after_update script. By creating a specially-crafted symbolic link, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute code in the context of root.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2022-24680
- CVE-2022-24679
- CVE-2022-24678
- CVE-2022-24671
Affected Vendors
- Trend Micro
Affected Products
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One SaaS
- Trend Micro Antivirus for Mac 11
Remediation
Refer to Trend Micro Security Bulletin: for patch, upgrade or suggested workaround information.
Trend Micro Apex One
Trend Micro Antivirus for Mac