Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)

An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system.

Trend Micro states in its advisory that it has observed at least one active attempt of potential exploitation of this vulnerability in the wild.

CISA has also acknowledged active exploitation by adding the vulnerability to its Known Exploited Vulnerabilities Catalog, and has requested that users patch it before October 12, 2023.

Apex One is an on-premises and cloud-based endpoint security solution that helps small and large enterprises with virtual patching and threat detection. URL filtering, pre-execution machine learning, root cause analysis, and data encryption are some of its important features.

Vulnerability Details

The vulnerability exists in the third-party AV uninstaller module provided with the endpoint products. To exploit it, an attacker must have administrative console access to the target system. On successful exploitation, an attacker may run arbitrary code with system privileges on the target system where the security agent is installed.

Affected Versions

  • Trend Micro Apex One 2019
  • Trend Micro Apex One SaaS 2019
  • Worry-Free Business Security (WFBS) 10.0 SP1
  • Worry-Free Business Security Services (WFBSS) 10.0 SP1

Mitigation

Customers must upgrade to the following versions to patch the vulnerability:

  • Apex One 2019 Service Pack 1 (Build 12380)
  • Apex One SaaS 14.0.12637
  • WFBS Patch 2495
  • WFBSS July 31 update

For more information, please visit the Trend Micro Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QID 378868 to detect vulnerable assets.

Please follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.jpcert.or.jp/english/at/2023/at230021.html
https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
