CVE-2023-47202: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A local file inclusion vulnerability (CVE-2023-47202) was discovered in the Trend Micro Apex One management server. The vulnerability was disclosed on January 23, 2024, affecting Apex One 2019 (On-prem) and Apex One as a Service SaaS platforms on Windows systems (NVD, Trend Micro).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The scope is unchanged, but the impact on confidentiality, integrity, and availability is high (NVD).

A successful exploitation of this vulnerability could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (Trend Micro).

Trend Micro has released patches to address this vulnerability. For Apex One 2019 (On-prem), users should upgrade to SP1 CP 12526. For Apex One as a Service, users should apply the September 2023 Monthly Patch (202309) with Agent Version 14.0.12737. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date (Trend Micro).

The vulnerability was responsibly disclosed by NT AUTHORITY\ANONYMOUS LOGON working with Trend Micro's Zero Day Initiative (Trend Micro).