CVE-2023-41179
KEVTrend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
7.2
HighPublished:
Last updated:
Source:security@trendmicro.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
References
security@trendmicro.com
https://jvn.jp/en/vu/JVNVU90967486/security@trendmicro.com
https://success.trendmicro.com/jp/solution/000294706security@trendmicro.com
https://success.trendmicro.com/solution/000294994af854a3a-2127-422b-91ae-364da2661108
https://jvn.jp/en/vu/JVNVU90967486/af854a3a-2127-422b-91ae-364da2661108
https://success.trendmicro.com/jp/solution/000294706af854a3a-2127-422b-91ae-364da2661108
https://success.trendmicro.com/solution/000294994134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179