CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

cisa Known Exploited Vulnerabilities RESURGE

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog.

US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog.

Trend Micro this week has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.

According to the security firm the vulnerability has been exploited in attacks. The flaw is related to the products’ ability to uninstall third-party security software.

An attacker can trigger this vulnerability after it has logged into the product’s administrative console.

“An arbitrary code execution vulnerability has been identified in the Apex One SaaS, Biz, and VBBSS agents’ ability to uninstall third-party security products. To exploit this vulnerability, an attacker would need to be able to log into the product’s administrative console.” reads the advisory published by Trend Micro. Because an attacker would need to have stolen the product’s management console authentication information in advance, they would not be able to infiltrate the target network using this vulnerability alone.”

The vendor recommends customers update their installs to the latest version as soon as possible.

Trend Micro pointed out that the exploitation of this type of flaw typically requires an attacker to have access to the vulnerable device. To mitigate the risk of exploitation the company recommends allowing access only from trusted networks.

Trend Micro has not shared any information regarding the attacks exploiting this vulnerability.

The Japan CERT already published an alert regarding this vulnerability.

“Since the vulnerability is already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible.” reads the alert.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by October 12, 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.