First published: Tue Mar 07 2023(Updated: )
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Apex One | <14.0.11960 | |
Trendmicro Apex One | =2019 | |
Microsoft Windows | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-25146 is a vulnerability that allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Trend Micro Apex One versions up to 14.0.11960 and Trend Micro Apex One 2019 are affected by this vulnerability.
CVE-2023-25146 has a severity rating of 7.8 (high).
Apply the necessary patches or updates provided by Trend Micro to fix this vulnerability.