CVE-2023-25147
CVSS V2 None
CVSS V3 None
Description
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
Overview
- CVE ID
- CVE-2023-25147
- Assigner
- security@trendmicro.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-10T21:15:15
- Last Modified Date
- 2023-03-16T15:27:00
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:* | 1 | OR | 14.0.11960 | |
| cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://success.trendmicro.com/solution/000292209 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-25147 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25147 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:17:19 | Added to TrackCVE | |||
| 2023-04-17 06:17:21 | Weakness Enumeration | new |