CVE-2023-25148

CVSS V2 None CVSS V3 None
Description
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Overview
  • CVE ID
  • CVE-2023-25148
  • Assigner
  • security@trendmicro.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-10T21:15:15
  • Last Modified Date
  • 2023-03-16T15:29:48
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:* 1 OR 14.0.11960
cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://success.trendmicro.com/solution/000292209 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-173/ Third Party Advisory VDB Entry
History
Created Old Value New Value Data Type Notes
2023-04-17 06:17:19 Added to TrackCVE
2023-04-17 06:17:21 Weakness Enumeration new