Cyber Posture

CVE-2024-58104

High · LPE

Published: 25 March 2025

Modified: 01 August 2025
CVSS Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-58104 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Trend Micro Apex One. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 1.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Timely flaw remediation directly patches the vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager, preventing local privilege escalation and arbitrary code execution.

Prevent: Least privilege enforcement counters CWE-269 improper privilege management, restricting low-privileged attackers from escalating via the UI Manager despite initial code execution capability.

Prevent: Reference monitor implementation mediates all access control decisions, mitigating bypasses of existing security in the UI Manager by ensuring complete and tamper-proof enforcement.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 · Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1211 · Exploitation for Stealth · Stealth
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.

Why these techniques?

This is a local vulnerability that enables bypass of security controls and arbitrary code execution due to improper privilege management, which maps directly to exploitation for privilege escalation (T1068) and defense evasion (T1211).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Deeper analysis [AI]

CVE-2024-58104 is a vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager that could allow a local attacker to bypass existing security controls and execute arbitrary code on affected installations. Published on 2025-03-25, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-269 (Improper Privilege Management).

Exploitation requires an attacker to first obtain the ability to execute low-privileged code on the target system, along with local access, low privileges, and user interaction. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.

Trend Micro has published mitigation guidance in their advisory at https://success.trendmicro.com/en-US/solution/KA-0018217.

Details

CWE(s): CWE-269 (Improper Privilege Management)

Affected Products

trendmicro apex one: ≤ 14.0.14203 · ≤ 2019.13140

CVEs Like This One

CVE-2024-58105 · Same product: Trend Micro Apex One
CVE-2025-54987 · Same product: Trend Micro Apex One
CVE-2025-54948 · Same product: Trend Micro Apex One
CVE-2026-2777 · Shared CWE-269
CVE-2025-48613 · Shared CWE-269
CVE-2026-35595 · Shared CWE-269
CVE-2025-64487 · Shared CWE-269
CVE-2025-67905 · Shared CWE-269
CVE-2024-13376 · Shared CWE-269
CVE-2025-26705 · Shared CWE-269
