CVE-2023-47196: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

CVE-2023-47196 is an origin validation vulnerability discovered in the Trend Micro Apex One security agent. The vulnerability was reported on June 22, 2023, and publicly disclosed on November 14, 2023. It affects Trend Micro Apex One 2019 (On-premises) and Apex One as a Service installations on Windows platforms (ZDI Advisory, Trend Micro Advisory).

The vulnerability exists within the Apex One NT Listener service and stems from insufficient validation of the origin of commands. It has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-346 (Origin Validation Error) (NVD).

When successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on the affected system. This could potentially give the attacker complete control over the compromised system (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One (On-premises), users should upgrade to SP1 CP 12526 or later. For Apex One as a Service, users should upgrade to the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737 or later (Trend Micro Advisory).

The vulnerability was discovered by security researcher Lays (@_L4ys) of TRAPA Security, working with Trend Micro's Zero Day Initiative. The coordinated disclosure process and timely patch release demonstrate effective collaboration between security researchers and vendors (ZDI Advisory).