Trend Micro addresses actively exploited Apex One zero-day

Trend Micro addressed multiple vulnerabilities in its Apex One endpoint security product, including actively exploited zero-day flaws.

Trend Micro announced this week the release of security patches to address multiple vulnerabilities in its Apex One endpoint security product, including a zero-day vulnerability, tracked as CVE-2022-40139 (CVSS 3.0 SCORE 7.2), which is actively exploited.

The CVE-2022-40139 flaw is an improper validation issue related to a rollback function, an agent can exploit the vulnerability to download unverified rollback components and execute arbitrary code.

“We have confirmed an improper validation vulnerability in some of the components used for the rollback function of Apex One and Apex One SaaS. This could allow the agent to download unverified rollback components and execute arbitrary code. An attacker would need to be able to log into the product’s administrative console to exploit this vulnerability. Since the attacker must have previously stolen the authentication information for the product’s management console, it is not possible to infiltrate the target network using this vulnerability alone.” reads the advisory published by Trend Micro. “Trend Micro is aware of attacks using this vulnerability (CVE-2022-40139). We recommend updating to the latest build as soon as possible.”

The company pointed out that the vulnerability could be exploited only by an attacker that had access to authentication data.

Trend Micro did not share details of the attacks exploiting this vulnerability.

Below is the list of the vulnerabilities addressed by the security firm:


APPLICABLE VULNERABILITY	PRODUCT/COMPONENT/TOOL	CVSS3.0	SEVERITY
SCORE
CVE-2022-40139	Apex One	7.2	high
CVE-2022-40140		5.5	During ~
CVE-2022-40141	Apex One SaaS	5.6	During ~
CVE-2022-40142		7.8	high
CVE-2022-40143		7.3	high
CVE-2022-40144		8.2	high

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Apex One)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.