CVE-2023-32555
Description
A time-of-check time-of-use (TOCTOU) vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.
Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not identical to, CVE-2023-32554.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A time-of-check time-of-use flaw in the Trend Micro Apex One agent allows local privilege escalation to SYSTEM.
Vulnerability
A time-of-check time-of-use (TOCTOU) vulnerability exists in the Trend Micro Apex One and Apex One as a Service agent, specifically within the Apex One Client Plug-in Service Manager. The issue results from the lack of proper locking when performing operations on a file, leading to a race condition. Affected versions include Apex One 2019 (On-prem) and Apex One as a Service versions before the April 2023 Maintenance release [1][2].
Exploitation
To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. The attacker then triggers a race condition by manipulating file operations in the Apex One Client Plug-in Service Manager, taking advantage of the missing synchronization [2].
Impact
Successful exploitation allows a local attacker to escalate privileges to SYSTEM, enabling arbitrary code execution with the highest level of system access. This can lead to full compromise of the affected endpoint [2].
Mitigation
Trend Micro has released fixes: for Apex One (On-prem), apply SP1 Critical Patch B12024; for Apex One as a Service, update to the April 2023 Maintenance (Build 202304, Security Agent version 14.0.12105) [1]. No workarounds are documented; applying the latest patches is strongly recommended.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Trend Micro, Inc./Trend Micro Apex One v5 Range: 2019