Actively exploited vulnerability affects Trend Micro Apex Central

Threat Advisories

Actively exploited vulnerability affects Trend Micro Apex Central

THREAT LEVEL: Amber

For a detailed advisory, download the pdf file here

Trend Micro Apex Central (on-premise and as a Service) has a zero-day vulnerability. This arbitrary file upload vulnerability if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulting in remote code execution. Organizations are advised to upgrade their Apex Central to the latest version available.

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

TA0001: Initial Access

TA0002: Execution

T1588: Obtain Capabilities

T1588.006: Obtain Capabilities: Vulnerabilities

T1190: Exploit Public-Facing Application

T1059: Command and Scripting Interpreter

Vulnerability Details

Actively-exploited-vulnerability-affects-Trend-Micro-Apex-Central

Patch Links

https://files.trendmicro.com/jp/ucmodule/apexcentral/win/2019/apexcentral_2019_gm_win_ja_3945_r3.exe

https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4395

References

https://success.trendmicro.com/jp/solution/000290660

https://jvn.jp/vu/JVNVU99107357/

Sign up to receive our Weekly Threat Digest