CVE-2023-34147
26.06.2023, 22:15
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.Enginsight
| Vendor | Product | Version |
|---|---|---|
| trend_micro_inc | trend_micro_apex_one | 14.0.0.12033 < 𝑥 < 14.0.0.12033 |
| trendmicro | apex_one | 𝑥 < 14.0.12518 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.