CVE-2023-47199: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An origin validation vulnerability (CVE-2023-47199) was discovered in the Trend Micro Apex One security agent that could allow a local attacker to escalate privileges on affected installations. The vulnerability was disclosed on January 23, 2024, affecting Apex One 2019 (On-premises) and Apex One as a Service versions up to (excluding) 14.0.12737 on Windows platforms (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from insufficient validation of the origin of commands in the Apex One NT Listener service. This vulnerability is classified as CWE-346 (Origin Validation Error) (NVD, ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to escalate privileges and execute arbitrary code in the context of SYSTEM. The high severity rating indicates potential complete compromise of system confidentiality, integrity, and availability (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One (On-premises), users should upgrade to SP1 CP 12526 or later. For Apex One as a Service, the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737 or later is required. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date (Vendor Advisory).

The vulnerability was discovered and reported by Simon Zuckerbraun of Trend Micro's Zero Day Initiative, demonstrating responsible disclosure practices in the cybersecurity community (Vendor Advisory).