CVE-2023-41179
Published: 19 September 2023
Summary
CVE-2023-41179 is a high-severity Code Injection (CWE-94) vulnerability in Trend Micro Apex One. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 14.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
A vulnerability exists in the third-party antivirus uninstaller module included in Trend Micro Apex One (both on-premises and SaaS editions), Worry-Free Business Security, and Worry-Free Business Security Services. The flaw, tracked as CVE-2023-41179 and assigned CWE-94, permits an attacker to manipulate the module and thereby execute arbitrary commands on the affected system. The issue received a CVSS v3.1 score of 7.2.
Exploitation requires an attacker to first obtain administrative console access on the target installation. With that access, the attacker can leverage the uninstaller module to run commands with the privileges of the affected Trend Micro component, resulting in full compromise of confidentiality, integrity, and availability on the host.
Vendor advisories and solution documents published by Trend Micro and coordinated through JVN describe remediation steps and updated packages for the impacted products; the primary references are available at the listed Trend Micro success-center URLs and the JVN vulnerability note.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-45696
Vulnerability details
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
- CWE(s): CWE-94
- KEV Date Added: 21 September 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Limits privileges granted to the AV uninstaller module and to console operators so that manipulation cannot result in arbitrary command execution with elevated rights.
Enforces access-control decisions on all console-initiated actions, blocking the unauthorized module manipulation that leads to command execution.
Restricts the uninstaller module to only its documented functionality, removing the unnecessary code paths that permit arbitrary command injection.