First published: Mon Jun 26 2023(Updated: )
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro Apex One | ||
Trendmicro Apex One | <14.0.12105 | |
Trendmicro Apex One | =2019 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-32554 is a vulnerability that allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Trend Micro Apex One versions up to and excluding 14.0.12105 are affected, as well as Trend Micro Apex One 2019.
The severity of CVE-2023-32554 is rated as high with a CVSS score of 7.8.
To fix this vulnerability, update to a version of Trend Micro Apex One that is not affected by the issue.