CVE-2023-34146

Published: Jun 26, 2023Modified: Dec 4, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.

Affected (2)

Products: Trendmicro: Apex One

1 product

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Apex One	Before 14.0.12518
Trendmicro Apex One	Version 2019

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US

Source: security@trendmicro.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-832/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-832/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.