CVE-2023-47193: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An origin validation vulnerability (CVE-2023-47193) was discovered in the Trend Micro Apex One security agent that could allow a local attacker to escalate privileges on affected installations. The vulnerability was disclosed on November 6, 2023, and affects Apex One 2019 (On-prem) and Apex One as a Service SaaS versions running on Windows platforms (Trend Advisory).

The vulnerability has been assigned a CVSSv3 score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from insufficient validation of the origin of commands in the Apex One NT Listener service (ZDI Advisory). An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

A successful exploitation of this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on affected installations. This could potentially give attackers complete control over the compromised system (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One 2019 (On-prem), users should upgrade to SP1 CP 12526. For Apex One as a Service, users should apply the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Advisory).