CVE-2023-25147
Last modified
CVE-2023-25147 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Apex One | < 14.0.11960 |
| Trendmicro | Apex One | 2019 |
References
- https://success.trendmicro.com/solution/000292209 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
