An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system.
Trend Micro has mentioned in the advisory that they have observed at least one active attempt of potential exploitation of this vulnerability in the wild.
CISA has also acknowledged its active exploitation by adding this to its Known Exploited Vulnerabilities Catalog and requested users to patch it before October 12, 2023.
Apex One is an on-premise and cloud-based endpoint security solution that helps small and large enterprises with virtual patching and threat detection. URL filtering, pre-execution machine learning, root cause analysis, and data encryption are some of its important features.
The vulnerability exists in the 3rd party AV uninstaller module provided with the endpoint products. An attacker must have administrative console access to the target system to exploit this vulnerability. On successful exploitation of the vulnerability, an attacker may run arbitrary code on the target system where the security agent is installed with the system privilege.
- Trend Micro Apex One 2019
- Trend Micro Apex One SaaS 2019
- Worry-Free Business Security (WFBS) 10.0 SP1
- Worry-Free Business Security Services (WFBSS) 10.0 SP1
Customers must upgrade to the following versions to patch the vulnerability:
- Apex One 2019 Service Pack 1 (Build 12380)
- Apex One SaaS 14.0.12637
- WFBS Patch 2495
- WFBSS July 31 update
For more information, please visit the Trend Micro Security Advisory.
Qualys customers can scan their devices with QID 378868 to detect vulnerable assets.
Please follow Qualys Threat Protection for more coverage of the latest vulnerabilities.