[Japanese]

JVNDB-2023-003721

Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution

Overview

Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module.

Trend Micro Incorporated states that an attack exploiting this vulnerability has been observed.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.1 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Trend Micro, Inc.
  • Apex One On Premise (2019)
  • Apex One as a Service
  • Worry-Free Business Security 10.0 SP1
  • Worry-Free Business Security Services (SaaS)

Impact

An attacker who can log in to the product's administration console may execute an arbitrary code with the system privilege on the PC where the security agent is installed.
Solution

[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released patches listed below that contain a fix for this vulnerability.

* Trend Micro Apex One On Premise (2019) SP1 Patch 1 (b12380)
* Worry-Free Business Security 10.0 SP1 Patch 2495

The issue is fixed in the July 2023 Monthly Patch (202307) Agent Version: 14.0.12637 for Trend Micro Apex One as a Service, and in July 31, 2023 Monthly Maintenance Release for Worry-Free Business Security Services (SaaS)

[Apply the Workaround]
Applying the following workaround may mitigate the impact of this vulnerability.

* Permit access to the product's administration console to only trusted network
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Code Injection(CWE-94) [Other]
CVE (What is CVE?)

  1. CVE-2023-41179
References

  1. JVN : JVNVU#90967486
  2. National Vulnerability Database (NVD) : CVE-2023-41179
  3. JPCERT : JPCERT-AT-2023-0021
  4. CISA Known Exploited Vulnerabilities Catalog : CVE-2023-41179
Revision History

  • [2023/09/20]
      Web page was published
  • [2023/11/13]
      Solution was modified
  • [2024/05/09]
      References : Contents were added