CVE-2023-41179

Summary

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Trend Micro, Inc.Trend Micro Apex One2019 (14.0) < 14.0.0.12380affected
Trend Micro, Inc.Trend Micro Apex OneSaaS < 14.0.12637affected
Trend Micro, Inc.Trend Micro Worry-Free Business Security10.0 SP1 < 10.0 SP1 Build 2495affected
Trend Micro, Inc.Trend Micro Worry-Free Business Security ServicesSaaS < 6.7.3578 / 14.3.1105affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References