VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 26, 2023· Updated Dec 4, 2024

CVE-2023-34146

CVE-2023-34146

Description

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local privilege escalation in Trend Micro Apex One agent via exposed dangerous function allows arbitrary value write to agent subkeys.

Vulnerability

The vulnerability exists in the Trend Micro Apex One NT Listener service (Apex One Security Agent). It is an exposed dangerous function that allows a local attacker to write an arbitrary value to specific Trend Micro agent subkeys. Affected versions: Apex One 2019 (On-prem) and Apex One as a Service versions before May 2023 Maintenance. [1][2]

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. Then, by leveraging the exposed dangerous function in the NT Listener service, the attacker can write an arbitrary value to Trend Micro agent subkeys. No user interaction is required beyond initial low-privilege access. [1]

Impact

Successful exploitation allows the attacker to escalate privileges to SYSTEM and execute arbitrary code in the context of SYSTEM. The attacker can also write arbitrary values to specific agent subkeys, potentially leading to further compromise. [1]

Mitigation

Trend Micro has released fixes: For Apex One (On-prem), apply SP1 CP B12033. For Apex One as a Service, apply May 2023 Maintenance (Hotfix Build 202305, Security Agent version 14.0.12518). [2] No workaround is mentioned; customers should update to the latest versions.

References
  1. ZDI-23-832
  2. June 6, 2023 Security Bulletin for Trend Micro Apex One

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.