Lucene search
Lynn and Lays (@_L4ys)ZDI-23-656HistoryMay 17, 2023 - 12:00 a.m.
Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
2023-05-1700:00:00
Lynn and Lays (@_L4ys)
www.zerodayinitiative.com
9
trend micro
apex one
security agent
local privilege escalation
vulnerability
attackers
low-privileged code
flaw
plug-in service manager
proper locking
arbitrary code
system context
EPSS
0
Percentile
15.9%
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One Client Plug-in Service Manager. The issue results from the lack of proper locking when performing operations on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cnvd
cnvd
Unspecified vulnerability in Trend Micro Apex One (CNVD-2023-65416)
2023-06-29 00:00:00
prion
prion
Design/Logic Flaw
2023-06-26 22:15:00
Design/Logic Flaw
2023-06-26 22:15:00
cvelist
cvelist
CVE-2023-32554
2023-06-26 21:56:27
CVE-2023-32555
2023-06-26 21:56:37
nvd
nvd
CVE-2023-32554
2023-06-26 22:15:10
CVE-2023-32555
2023-06-26 22:15:10
cve
cve
CVE-2023-32555
2023-06-26 22:15:10
CVE-2023-32554
2023-06-26 22:15:10
nessus
nessus
Trend Micro Apex One Multiple Vulnerabilities (000293108)
2023-06-01 00:00:00