An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.
History

Wed, 04 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Trend Micro Inc
Trend Micro Inc trend Micro Apex One
Weaknesses CWE-863
CPEs cpe:2.3:a:trend_micro_inc:trend_micro_apex_one:*:*:*:*:*:*:*:*
Vendors & Products Trend Micro Inc
Trend Micro Inc trend Micro Apex One
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2023-06-26T21:58:00.477Z

Updated: 2024-12-04T16:08:55.833Z

Reserved: 2023-05-26T18:41:36.333Z

Link: CVE-2023-34146

cve-icon Vulnrichment

Updated: 2024-08-02T16:01:53.711Z

cve-icon NVD

Status : Modified

Published: 2023-06-26T22:15:11.187

Modified: 2024-12-04T17:15:10.177

Link: CVE-2023-34146

cve-icon Redhat

No data.