VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 26, 2023· Updated Dec 4, 2024

CVE-2023-34148

CVE-2023-34148

Description

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Trend Micro Apex One agent exposed dangerous function in NT Listener service lets local attacker escalate to SYSTEM.

Vulnerability

A dangerous function is exposed in the Trend Micro Apex One NT Listener service, affecting Apex One 2019 (on-prem) and Apex One as a Service versions before May 2023 Maintenance [1][2]. This allows a local attacker to write an arbitrary value to specific Trend Micro agent subkeys [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. They can then leverage the exposed dangerous function to write arbitrary values to specific registry subkeys, leading to privilege escalation [1].

Impact

Successful exploitation allows the attacker to escalate privileges to SYSTEM and execute arbitrary code with the highest privileges, achieving full compromise of confidentiality, integrity, and availability [1].

Mitigation

Trend Micro has released fixes: Apex One 2019 SP1 CP B12033 and Apex One as a Service May 2023 Maintenance (build 202305, agent version 14.0.12518) [2]. Users should apply the latest patches.

References
  1. ZDI-23-834
  2. June 6, 2023 Security Bulletin for Trend Micro Apex One

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.