Platform
trendmicro
Component
trend-micro-apex-one
Fixed in
14.0.0.13140
14.0.14203
CVE-2024-55632 describes a security agent link following vulnerability within Trend Micro Apex One. This flaw allows a local attacker to escalate privileges, potentially gaining unauthorized access and control over the system. The vulnerability affects versions 14.0 through 14.0.14203. A fix is available in version 14.0.14203.
Successful exploitation of CVE-2024-55632 allows an attacker who already possesses the ability to execute low-privileged code on a system to escalate their privileges. This means an attacker could potentially gain SYSTEM-level access, allowing them to install malware, modify system configurations, steal sensitive data, or disrupt operations. The impact is significant as it bypasses standard access controls and grants the attacker near-complete control over the compromised machine. This vulnerability is particularly concerning in environments where Apex One is deployed as a primary endpoint security solution, as a successful attack could compromise the entire endpoint.
CVE-2024-55632 was publicly disclosed on December 31, 2024. The vulnerability requires an attacker to already have low-privileged code execution, which limits the immediate exploitability. There are currently no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the requirement for initial code execution suggests a medium probability of exploitation.
Organizations heavily reliant on Trend Micro Apex One for endpoint security are at significant risk. Environments with weak access controls or where low-privileged users have broad permissions are particularly vulnerable. Shared hosting environments utilizing Apex One should also be assessed for potential impact.
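• windows / supply-chain:
# Show the on-disk path of the running agent process
Get-Process -Name ApexOne | Select-Object -ExpandProperty Path
• windows / supply-chain:
# Query Application log events with ID 1001 from the Apex One provider
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Trend Micro Apex One'; Id = 1001 }
• windows / supply-chain:
# List scheduled tasks whose name references Apex One
Get-ScheduledTask | Where-Object { $_.TaskName -like '*ApexOne*' }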
Exploit Status
EPSS
0.07% (21st percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-55632 is to upgrade Trend Micro Apex One to version 14.0.14203 or later. If immediate upgrading is not possible, consider implementing stricter access controls and monitoring for suspicious activity. Review existing security policies to ensure they limit the ability of low-privileged users to execute code. While a direct workaround isn't available, regularly scanning systems for unauthorized processes and unusual network connections can help detect potential exploitation attempts. After upgrade, confirm by verifying the Apex One version is 14.0.14203 or higher via the Apex One console.
Update Trend Micro Apex One to the latest available version. See the Trend Micro website for the upgrade instructions specific to your version.
CVE-2024-55632 is a vulnerability in Trend Micro Apex One versions 14.0–14.0.14203 that allows a local attacker with low-privileged code execution to escalate their privileges, potentially gaining full control of the system.
You are affected if you are running Trend Micro Apex One versions 14.0 through 14.0.14203 and have not upgraded to a patched version.
Upgrade Trend Micro Apex One to version 14.0.14203 or later to remediate the vulnerability. If immediate upgrade is not possible, implement stricter access controls and monitor for suspicious activity.
Currently, there are no publicly available proof-of-concept exploits, but the vulnerability's potential impact warrants proactive mitigation.
Refer to the official Trend Micro security advisory for CVE-2024-55632 on the Trend Micro website (search for CVE-2024-55632 on their security bulletins page).