Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)

Trend Micro has released a security advisory addressing multiple vulnerabilities (CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143, CVE-2022-40144) in Apex One (On-Premise) and Apex One as a Service. The advisory states, “Trend Micro has observed at least one active attempt of potential exploitation of CVE-2022-40139 in the wild.”
  
Exploiting these vulnerabilities typically requires physical or remote access to a vulnerable machine. Customers are encouraged to assess remote access to critical systems and ensure policies and perimeter security are up to date.
  
Apex One is an on-premise and cloud-based endpoint security solution that helps small and large enterprises with virtual patching and threat detection. URL filtering, pre-execution machine learning, root cause analysis, and data encryption are some of its important features. 
 
CVE-2022-40139: Improper Validation of Rollback Mechanism Components Remote Code Execution Vulnerability 
To exploit this vulnerability, an attacker must have access to the Apex One server administration console. The vulnerability arises from improper validation of components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service. An Apex One server administrator could use this to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.
 
CVE-2022-40140: Origin Validation Error Denial-of-Service Vulnerability 
To exploit this vulnerability, an attacker must be able to execute low-privileged code on the target system. The vulnerability exists in Trend Micro Apex One and Apex One as a Service. Successful exploitation could lead to denial of service on vulnerable systems.
 
CVE-2022-40141: Information Disclosure Vulnerability 
This vulnerability exists in Trend Micro Apex One and Apex One as a Service. On successful exploitation, this could allow an attacker to intercept and decode certain communication strings that may contain identification attributes of a particular Apex One server. 
 
CVE-2022-40142: Agent Link Following Local Privilege Escalation Vulnerability 
To exploit this vulnerability, an attacker must be able to execute low-privileged code on the target system. This is a link-following local privilege escalation vulnerability affecting the Trend Micro Apex One and Trend Micro Apex One as a Service agents. On successful exploitation, this could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on vulnerable systems.
 
CVE-2022-40143: Link Following Local Privilege Escalation Vulnerability 
To exploit this vulnerability, an attacker must be able to execute low-privileged code on the target system. This is a link-following local privilege escalation vulnerability affecting Trend Micro Apex One and Trend Micro Apex One as a Service servers. On successful exploitation, an attacker could abuse an insecure directory, allowing a low-privileged user to run arbitrary code with elevated privileges.
 
CVE-2022-40144: Login Authentication Bypass Vulnerability 
This vulnerability exists in Trend Micro Apex One and Trend Micro Apex One as a Service. This vulnerability allows an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations. 
 
Affected versions  
These vulnerabilities affect Trend Micro Apex 2019 (On-Prem) builds older than Build 9601.
 
Mitigation  
Trend Micro has released patches to address these vulnerabilities. For more information, please visit the Trend Micro Security Advisory. 
  
Qualys Detection  
Qualys customers can scan their devices with QID 377592 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.  
  
References 
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US 
