CVE-2023-52092 – Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52092
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de link following del agente de seguridad en Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Damage Cleanup Engine. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-025 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-47195 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47195
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. Una vulnerabilidad de validación de origen en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no idéntica, a CVE-2023-47196. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1615 • CWE-346: Origin Validation Error •
CVE-2023-47202 – Trend Micro Apex One Local File Inclusion Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47202
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de inclusión de archivos locales en el servidor de administración Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One web console. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1621 •
CVE-2023-47199 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47199
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. Una vulnerabilidad de validación de origen en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no idéntica, a CVE-2023-47193. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1620 • CWE-346: Origin Validation Error •
CVE-2023-47200 – Trend Micro Apex One CNTAoSMgr Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47200
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. Una vulnerabilidad de validación del origen del administrador de complementos en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no idéntica, a CVE-2023-47201. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1618 • CWE-346: Origin Validation Error •