First published: Mon Jun 26 2023(Updated: )
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro Apex One | ||
Trendmicro Apex One | <14.0.12518 | |
Trendmicro Apex One | =2019 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-34144 is a vulnerability that allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent.
The vulnerability exists within the Trend Micro Apex One Security Agent and can be exploited by attackers who first have the ability to execute low-privileged code on the target system.
The severity of CVE-2023-34144 is high, with a CVSS score of 7.8.
CVE-2023-34144 affects Trend Micro Apex One version up to 14.0.12518 and Trend Micro Apex One 2019.
To fix CVE-2023-34144, it is recommended to upgrade to a version of Trend Micro Apex One that is not affected by the vulnerability.