VYPR
Unrated severity · NVD Advisory · Published Jun 26, 2023 · Updated Dec 4, 2024

CVE-2023-34147

Description

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This vulnerability is similar, but not identical, to CVE-2023-34146 and CVE-2023-34148.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local attacker can leverage an exposed dangerous function in Trend Micro Apex One's NT Listener service to escalate privileges to SYSTEM and execute arbitrary code.

Vulnerability

An exposed dangerous function vulnerability exists in the Trend Micro Apex One and Apex One as a Service security agent, specifically within the Apex One NT Listener service. This flaw allows a local attacker to write an arbitrary value to specific Trend Micro agent subkeys. Affected versions include Apex One 2019 (On-prem) and Apex One as a Service prior to the May 2023 Maintenance build (Security Agent version 14.0.12518). The vulnerability is similar but not identical to CVE-2023-34146 and CVE-2023-34148 [1][2].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. The specific flaw arises from an exposed dangerous function in the Apex One NT Listener service. By leveraging this function, the attacker can write an arbitrary value to specific Trend Micro agent subkeys, which can then be used to escalate privileges [1].

Impact

Successful exploitation allows the attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, granting full control over the affected system with high impact on confidentiality, integrity, and availability [1].

Mitigation

Trend Micro has released fixes for both affected products: for Apex One 2019 (On-prem), apply SP1 CP B12033; for Apex One as a Service, apply the May 2023 Maintenance hotfix (Build 202305, Security Agent version 14.0.12518). Customers are encouraged to obtain the latest product version [2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

2
