Log inRegister

Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks


Trend Micro announced on Tuesday that it has patched several flaws in its Apex One endpoint security product, including a zero-day vulnerability.

Trend Micro announced on Tuesday that it has patched several flaws in its Apex One endpoint security product, including a zero-day vulnerability.

The exploited vulnerability is tracked as CVE-2022-40139 and it has been described as an improper validation issue related to a rollback function. The security hole allows the agent to download unverified rollback components and execute arbitrary code, according to a translation of a Japanese-language advisory released by Trend Micro.

This high-severity vulnerability can only be exploited by an attacker who is able to log into the product’s admin console.

“Since the attacker must have previously stolen the authentication information for the product’s management console, it is not possible to infiltrate the target network using this vulnerability alone,” the cybersecurity firm explained.

No information is available on the attacks exploiting CVE-2022-40139, but SecurityWeek has reached out to Trend Micro and will update this article if more details are provided.

It’s not uncommon for threat actors to exploit vulnerabilities in Trend Micro products, with several attacks being reported in the past few years. The security holes appear to have mostly been exploited in targeted attacks, and in some cases Chinese threat actors have been confirmed as the main suspect.

In addition to the zero-day vulnerability, the Apex One patches also address three other high-severity and two medium-severity issues.

The most serious of them is CVE-2022-40144, which could allow an attacker to bypass authentication using specially crafted requests. In theory, it may be possible to chain such vulnerabilities with the aforementioned zero-day to achieve the authentication requirement, but Trend Micro has not mentioned anything about CVE-2022-40144 being exploited in attacks.

The other vulnerabilities patched by Trend Micro can be exploited for privilege escalation, DoS attacks, and obtaining information about a targeted server.

According to CISA’s Known Exploited Vulnerabilities Catalog, eight other Trend Micro flaws have been exploited in the wild in the past years, most of which impact Apex products.


By Eduard Kovacs on Tue, 13 Sep 2022 12:26:19 +0000
Original link