CVE-2024-36302 ‒ Local Privilege escalation in Trend Micro Apex One
Authored by:
Metrics: cve.org
Description
Trend Micro Apex One is a security product that protects endpoints from malware and detects attacks.
The fixed vulnerability enabled attackers with existing access to a system to elevate their privileges to SYSTEM.
Vulnerability
The vulnerability abused a trust relationship between frontend processes running in the context of an unprivileged user and privileged backend processes running as SYSTEM.
For more details, see our blog post on the vulnerability.
Mitigations
Install a current version of Trend Micro Apex One. The vulnerability was fixed in Agent version 14.0.13139.
Timeline
Date | Action |
---|---|
22.08.2023 | Vulnerability reported to ZDI |
03.10.2023 | Vulnerability reported to vendor by ZDI |
06.06.2024 | Coordinated public release of advisory |