Trend Micro recently released a patch for an actively exploited flaw in its endpoint security platform, Apex One. The security software provider published an advisory to report six vulnerabilities and advised their customers to apply the patches immediately.
There are indications of CVE-2022-40139(CVSS score: 7.2) being actively exploited in the wild. Attackers can remotely execute arbitrary code on computers running unpatched systems due to the vulnerability. It can only be exploited by an attacker who has administration console access.
Even though this definitely raises the skill level required to abuse CVE-2022-40139 in attacks, Trend Micro warned customers today that it has already observed at least one active exploitation attempt in the wild.
Other High Severity Flaws in Apex One
Today, Trend Micro addressed another high severity vulnerability in the Apex One product (CVE-2022-40144), allowing potential attackers to bypass authentication by falsifying request parameters on affected installations.
“Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible,” the company said.
|CVE-2022-40139||Improper Validation of Rollback Mechanism Components RCE Vulnerability||7.2|
|CVE-2022-40140||Origin Validation Error Denial-of-Service Vulnerability||5.5|
|CVE-2022-40141||Information disclosure vulnerability||5.6|
|CVE-2022-40142||Agent Link Following Local Privilege Escalation Vulnerability||7.8|
|CVE-2022-40143||Link Following Local Privilege Escalation Vulnerability||7.3|
|CVE-2022-40144||Login authentication bypass vulnerability||8.2|
Customers are advised to assess remote access to essential systems, check current policies and perimeter security, and apply patches and updated solutions on time.
Users need to update their installation as soon as possible to Apex One Service Pack 1 (Server Build 11092 and Agent Build 11088).