Cyber Resilience

CVE-2024-58104

HighLPE

Published: 25 March 2025

Published
25 March 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58104 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Trendmicro Apex One. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-58104 is a vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager that could allow a local attacker to bypass existing security controls and execute arbitrary code on affected installations. Published on 2025-03-25, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-269 (Improper Privilege Management).

Exploitation requires an attacker to first obtain the ability to execute low-privileged code on the target system, along with local access, low privileges, and user interaction. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.

Trend Micro has published mitigation guidance in their advisory at https://success.trendmicro.com/en-US/solution/KA-0018217.

EU & UK References

Vulnerability details

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to…

more

execute low-privileged code on the target system in order to exploit this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1211 Exploitation for Stealth Stealth
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
Why these techniques?

Local vulnerability enabling bypass of security controls and arbitrary code execution due to improper privilege management directly maps to exploitation for privilege escalation (T1068) and defense evasion (T1211).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-45207Same product: Trendmicro Apex One
CVE-2026-34930Same product: Trendmicro Apex One
CVE-2026-34929Same product: Trendmicro Apex One
CVE-2026-34928Same product: Trendmicro Apex One
CVE-2026-45208Same product: Trendmicro Apex One
CVE-2026-34927Same product: Trendmicro Apex One
CVE-2026-45206Same product: Trendmicro Apex One
CVE-2024-58105Same product: Trendmicro Apex One
CVE-2025-71210Same product: Trendmicro Apex One
CVE-2025-54948Same product: Trendmicro Apex One

Affected Assets

trendmicro
apex one
≤ 14.0.14203 · ≤ 2019.13140

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation directly patches the vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager, preventing local privilege escalation and arbitrary code execution.

prevent

Least privilege enforcement counters CWE-269 improper privilege management, restricting low-privileged attackers from escalating via the UI Manager despite initial code execution capability.

prevent

Reference monitor implementation mediates all access control decisions, mitigating bypasses of existing security in the UI Manager by ensuring complete and tamper-proof enforcement.

References