CVE-2023-32557
Description
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated path traversal in Trend Micro Apex One Management Server allows arbitrary file upload leading to remote code execution with system privileges.
Vulnerability
CVE-2023-32557 is a path traversal vulnerability in the Management Server component of Trend Micro Apex One (2019 on-premises) and Apex One as a Service (versions before the April 2023 Maintenance). The vulnerability can be exploited without authentication, allowing an attacker to upload arbitrary files to arbitrary locations on the server [1].
Exploitation
An unauthenticated attacker can send crafted HTTP requests to the vulnerable Management Server, performing path traversal (e.g., using ../ sequences) to upload files outside the intended directory. No user interaction or special network position beyond reachability of the server is required [1].
Impact
Successful exploitation enables remote code execution (RCE) with SYSTEM privileges, as the uploaded arbitrary file can be executed in the context of the server. This gives the attacker full control over the affected Management Server [1].
Mitigation
Trend Micro released fixes: for Apex One 2019, apply SP1 Critical Patch B12024 (Windows); for Apex One as a Service, apply the April 2023 Maintenance Hotfix - Build 202304 (Security Agent version 14.0.12105). Customers are urged to upgrade to the latest available versions [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Trend Micro, Inc./Trend Micro Apex One, Range: 2019
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.