CVE-2023-47197: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

CVE-2023-47197 is an origin validation vulnerability discovered in the Trend Micro Apex One security agent. The vulnerability was disclosed on January 23, 2024, affecting Trend Micro Apex One 2019 (On-premises) and Apex One SaaS versions up to (excluding) 14.0.12737 on Windows platforms. This security flaw was identified by security researcher Lays (@_L4ys) of TRAPA Security working with Trend Micro's Zero Day Initiative (ZDI Advisory, Vendor Advisory).

The vulnerability exists within the Apex One NT Listener service and stems from insufficient validation of the origin of commands. It has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-346 (Origin Validation Error) (NVD).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on the affected system. This means an attacker could gain complete control over the compromised system with the highest possible privileges (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One 2019 (On-premises), users should update to SP1 CP 12526, and for Apex One as a Service, the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737 should be applied. Additionally, organizations are advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date (Vendor Advisory).