First published: Mon Jun 26 2023(Updated: )
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro Apex One | ||
Trendmicro Apex One | <14.0.12518 | |
Trendmicro Apex One | =2019 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-34148 is a vulnerability that allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Trend Micro Apex One versions up to and including 14.0.12518 and Trend Micro Apex One 2019 are affected.
CVE-2023-34148 has a severity rating of 7.8 (high).
It is recommended to update to the latest version of Trend Micro Apex One Security Agent to mitigate this vulnerability.