CVE-2024-58105
Published: 25 March 2025
Summary
CVE-2024-58105 is a high-severity Incorrect User Management (CWE-286) vulnerability in Trendmicro Apex One. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of flaws like this authorization bypass in the Trend Micro Apex One Security Agent Plug-in, directly mitigated by the vendor-provided patch.
Mandates enforcement of approved authorizations for logical access, directly countering the missing authorization (CWE-286) that allows low-privileged attackers to bypass security and execute arbitrary code.
Restricts system access to the least privileges necessary, limiting the scope and impact of arbitrary code execution achieved via the UI Manager bypass even if initial low-privileged access is obtained.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local low-privileged attacker bypasses security controls (missing authorization) to achieve arbitrary code execution with high impact, directly enabling exploitation for privilege escalation.
NVD Description
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104.…
more
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Deeper analysisAI
CVE-2024-58105 is a vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager that could allow a local attacker to bypass existing security controls and execute arbitrary code on affected installations. This issue addresses an additional bypass not covered in CVE-2024-58104 and is associated with CWE-286 (Missing Authorization). The vulnerability has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. A local attacker with low privileges (PR:L) and requiring user interaction (UI:R) can then leverage low attack complexity (AC:L) to bypass security mechanisms, achieving arbitrary code execution with high impacts to confidentiality, integrity, and availability.
The Trend Micro advisory provides details on mitigation and patches at https://success.trendmicro.com/en-US/solution/KA-0018217.
Details
- CWE(s)