CVE-2023-47200: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A plug-in manager origin validation vulnerability (CVE-2023-47200) was discovered in the Trend Micro Apex One security agent. The vulnerability was disclosed on November 14, 2023, affecting Trend Micro Apex One and Apex One as a Service installations. The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH) (NVD, ZDI).

The specific vulnerability exists within the Apex One Client Plug-in Service Manager and results from insufficient validation of the origin of commands. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity and privilege requirements (ZDI).

When successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. However, it's important to note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (Trend Micro).

Trend Micro has released patches to address this vulnerability. For Apex One 2019 (On-prem), users should upgrade to SP1 CP 12526, and for Apex One as a Service, the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737 is required (Trend Micro).

The vulnerability was discovered and reported by security researcher Lays (@_L4ys) of TRAPA Security, working with Trend Micro's Zero Day Initiative (Trend Micro).