CVE-2022-40140: ZDI-22-1189
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
September 14th, 2022
Trend Micro Apex One Origin Validation Error Denial-of-Service Vulnerability
ZDI-22-1189
ZDI-CAN-16314
CVE ID
CVE-2022-40140
CVSS SCORE
5.5, (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
AFFECTED VENDORS
Trend Micro
AFFECTED PRODUCTS
Apex One
VULNERABILITY DETAILS
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Apex One NT Listener service. The issue results from insufficient validation of the origin of commands. An attacker can leverage this vulnerability to delete the Security Agent from the endpoint.
ADDITIONAL DETAILS
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
https://success.trendmicro.com/solution/000291528
DISCLOSURE TIMELINE
- 2022-02-09 - Vulnerability reported to vendor
- 2022-09-14 - Coordinated public release of advisory
CREDIT
Simon Zuckerbraun - Trend Micro Zero Day Initiative
Related news
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.