Vulnerability in Trend Micro Apex One (CVE-2024-55631)

Trend Micro Apex One Security Agent is endpoint protection software that is installed as part of the Trend Micro Apex One suite. It monitors the endpoint for threats such as malicious files and blocks or deletes them as appropriate. It is deployed on all systems enrolled in Trend Micro Apex One.

CVE-2024-55631: Local Privilege Escalation through Arbitrary File Delete

cirosec discovered a vulnerability in the Damage Cleanup Engine of the Security Agent that enables an unprivileged local attacker to escalate privileges. The vulnerability was disclosed to Trend Micro on October 27, 2023.

During scanning of the file system for malicious files, insecure file operations are performed in user-controlled directories, allowing a local attacker to delete almost arbitrary files on the system. By using publicly documented methods, an unprivileged local attacker can abuse this arbitrary file delete primitive to obtain SYSTEM privileges. Because no patch is available at the time of publication, cirosec is not releasing more technical details on the vulnerability until further notice.

CVSS Score
7.8 (CVSS v3) 

CVSS Vector String
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Version
The vulnerability has been present since at least Security Agent version 14.0.12737.

Fixed Version
Apex One Agent v14.0.14203

References
ZDI-Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-001/
Trend Micro: https://success.trendmicro.com/en-US/solution/KA-0018217

Credits
Frederik Reiter & Jan-Luca Gruber

Timeline
