May 22, 2023

Trend Micro Patches Critical RCE Vulnerability in Apex One

Trend Micro has issued a new Critical Patch (CP) for Trend Micro Apex One and Trend Micro Apex One as a Service, which addresses a number of previously identified vulnerabilities.

The Critical RCE Vulnerability

• CVE-2023-32557, (CVSS 3.1: 9.8, Critical) – Management Server Path Traversal Unauthenticated RCE Vulnerability, allows unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.

Affected Products

• Apex One  – 2019 (On-prem).
• Apex One as a Service – Versions before April 2023 Maintenance.

Mitigation

CYREBRO recommends users of these products to obtain the latest version of the product if there is a newer one available than the one listed in Trend Micro bulletin.

References: Trend Micro Security Advisory