CVE-2023-32556

Vulnerability

CVE-2023-32556 is a link following vulnerability in the Trend Micro Apex One Security Agent, specifically within the NT Apex One RealTime Scan Service. By creating a mount point, a local attacker can abuse the service to disclose the contents of a file. The vulnerability affects Apex One 2019 (On-prem) and Apex One as a Service versions before the April 2023 Maintenance build [1][2].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. The specific flaw exists within the NT Apex One RealTime Scan Service, and exploitation involves creating a mount point to trick the service into reading a file of the attacker's choice [2].

Impact

Successful exploitation allows an attacker to disclose sensitive information, potentially including system files, in the context of the SYSTEM account. This can lead to information disclosure with high confidentiality impact [2].

Mitigation

Trend Micro has released fixes: for Apex One (On-prem), apply Critical Patch B12024; for Apex One as a Service, apply the April 2023 Maintenance (Build 202304). Customers are encouraged to obtain the latest versions [1].