CVE-2023-47195: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An origin validation vulnerability (CVE-2023-47195) was discovered in the Trend Micro Apex One security agent, specifically within the Apex One NT Listener service. The vulnerability was reported on June 22, 2023, and publicly disclosed on November 14, 2023. This security flaw affects Trend Micro Apex One 2019 (On-premises) and Apex One as a Service installations (ZDI Advisory, Vendor Advisory).

The vulnerability stems from insufficient validation of the origin of commands in the Apex One NT Listener service. It has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-346 (Origin Validation Error) (NVD).

When successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on affected installations. However, the attacker must first obtain the ability to execute low-privileged code on the target system (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One (On-prem) version 2019, users should install SP1 CP 12526, and for Apex One as a Service, the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737 is required (Vendor Advisory).

The vulnerability was discovered and reported by security researcher Lays (@L4ys) of TRAPA Security, working with Trend Micro's Zero Day Initiative ([Vendor Advisory](https://success.trendmicro.com/dcx/s/solution/000295652?language=enUS)).