Trend Micro’s May bulletin has addressed multiple vulnerabilities in Trend Micro Apex Central. The vulnerabilities, identified as CVE-2023-32529 through CVE-2023-32537 and CVE-2023-32604 through CVE-2023-32605, affect the Windows platform.
These vulnerabilities have been assigned severity ratings ranging from medium to high, with corresponding CVSS 3.0 scores ranging from 4.1 to 7.2. Users should be aware of these vulnerabilities so that they can take appropriate action and protect their systems.
Addressing multiple Apex Central vulnerabilities
Trend Micro has promptly released Patch 4 (B6394) for Apex Central, which includes the necessary updates to address the identified vulnerabilities.
The updated version of Apex Central is now available for download from Trend Micro’s Download Center. It is recommended that customers obtain the latest version of the product to ensure that all known issues are resolved.
To ensure a seamless update process, customers are advised to visit Trend Micro’s Download Center to acquire any prerequisite software, such as Service Packs, before applying the provided solutions.
By following these steps, users can ensure a smooth transition to the latest version of Apex Central and take advantage of the enhanced security measures.
CVE-2023-32529 and CVE-2023-32530
The first two vulnerabilities, CVE-2023-32529 and CVE-2023-32530, are SQL injection remote code execution vulnerabilities.
These vulnerabilities exist in vulnerable modules of Trend Micro Apex Central (on-premise) and, if exploited, could allow an authenticated user to achieve remote code execution through SQL injection.
It is crucial to note that an attacker must first obtain authentication on the target system to exploit these vulnerabilities successfully.
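The SQL injection pattern behind the two issues above comes down to user-controlled input being spliced into a query string. The following is an added example, not code from Trend Micro or from Apex Central: it uses a constructed in-memory table (the `agents` schema, the owner names and the function names are assumptions for illustration) to contrast a concatenated query with a parameterised one, and adds allow-list validation as a second layer.

```python
import re
import sqlite3

# Constructed sample data standing in for a hypothetical product module.
# The schema and rows are assumptions for this example, not the product's own.
SAMPLE_AGENTS = [
    ("ws-01", "alice"),
    ("ws-02", "bob"),
    ("srv-01", "alice"),
]

# Allow-list for an "owner" value: letters, digits, dot, underscore, hyphen.
OWNER_PATTERN = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE agents (id INTEGER PRIMARY KEY, hostname TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO agents (hostname, owner) VALUES (?, ?)", SAMPLE_AGENTS
    )
    conn.commit()
    return conn


def agents_for_owner_unsafe(conn: sqlite3.Connection, owner: str) -> list:
    """Vulnerable pattern: the (authenticated) user's input is concatenated
    into the SQL text, so quote characters in the input become part of the
    statement and can rewrite the WHERE clause."""
    sql = "SELECT hostname FROM agents WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]


def agents_for_owner_safe(conn: sqlite3.Connection, owner: str) -> list:
    """Hardened pattern: a parameterised query. The driver binds `owner` as a
    value, so it is only ever compared as data and never parsed as SQL."""
    rows = conn.execute("SELECT hostname FROM agents WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


def validate_owner(owner: str) -> bool:
    """Defence in depth: allow-list validation applied before any query.
    Parameterisation is the primary fix; this rejects malformed input early
    and gives a single place to log rejected requests."""
    return OWNER_PATTERN.fullmatch(owner) is not None


if __name__ == "__main__":
    db = setup_db()
    crafted = "' OR '1'='1"  # classic tautology input; fails validate_owner
    print("unsafe:", agents_for_owner_unsafe(db, crafted))  # every hostname
    print("safe:  ", agents_for_owner_safe(db, crafted))    # no rows
    print("valid: ", validate_owner(crafted))               # False
```

Run the block directly to see the two query styles side by side; the point is that only the parameterised version keeps the authenticated user's input as data, which is exactly the property a fix for this class of bug has to restore.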
CVE-2023-32531 through CVE-2023-32535
CVE-2023-32531 through CVE-2023-32535 are cross-site scripting (XSS) remote code execution vulnerabilities in Apex Central.
Specifically, certain dashboard widgets on Trend Micro Apex Central (on-premise) are susceptible to XSS attacks.
These vulnerabilities may enable an attacker to execute remote code on affected servers. It is essential to address these vulnerabilities promptly to mitigate the associated risks.
CVE-2023-32536 to CVE-2023-32605
Trend Micro has also identified CVE-2023-32536, CVE-2023-32537, CVE-2023-32604, and CVE-2023-32605 as authenticated reflected XSS vulnerabilities.
These vulnerabilities stem from user input validation and sanitization issues in affected versions of Trend Micro Apex Central (on-premise). Exploiting them requires an attacker to authenticate to Apex Central on the target system.
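Both the dashboard-widget XSS issues and the reflected XSS issues above share one root cause: free text reaching an HTML response without context-appropriate encoding. The block below is an added example written for this article, not code from Trend Micro or Apex Central; the widget renderer, the `widget` and `title` query parameters and the allow-list are assumptions. It shows an unencoded renderer next to an encoded one, feeds both the same reflected query string, and includes a small response check of the kind a reviewer or regression test can apply.

```python
import html
import re
from urllib.parse import parse_qs

# Structured values (like a widget id) are validated against an allow-list;
# the pattern is an assumption for this example.
ALLOWED_WIDGET_IDS = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def render_widget_unsafe(widget_id: str, title: str) -> str:
    """Vulnerable pattern: untrusted values are interpolated straight into
    HTML, so markup inside `title` is interpreted by the browser. Reflected
    if the value came from the request, stored if it was saved earlier."""
    return f'<div class="widget" id="{widget_id}"><h2>{title}</h2></div>'


def render_widget_safe(widget_id: str, title: str) -> str:
    """Hardened pattern: allow-list the structured value and HTML-encode the
    free text for the element context it lands in (quote=True also covers
    attribute contexts)."""
    if not ALLOWED_WIDGET_IDS.fullmatch(widget_id):
        raise ValueError("widget_id outside allow-list")
    safe_title = html.escape(title, quote=True)
    return f'<div class="widget" id="{widget_id}"><h2>{safe_title}</h2></div>'


def render_from_query(query_string: str, renderer) -> str:
    """Reflected path: pull the title from the query string and hand it to
    the chosen renderer. The fix has to sit at output time, not at the
    point where the parameter is read."""
    params = parse_qs(query_string)
    widget_id = params.get("widget", ["summary"])[0]
    title = params.get("title", ["Untitled"])[0]
    return renderer(widget_id, title)


def contains_active_markup(fragment: str) -> bool:
    """Response check: does the user-controlled part of the fragment still
    carry a raw <script tag or an on*= event handler? Looks only past the
    fixed <h2> template so the template itself is not flagged."""
    body = fragment.split("<h2>", 1)[1] if "<h2>" in fragment else fragment
    return re.search(r"<\s*script|\bon\w+\s*=", body, re.IGNORECASE) is not None


# Headers that limit the blast radius if an encoding step is ever missed.
# Values are a reasonable baseline, not the product's configuration.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}


if __name__ == "__main__":
    crafted = "<script>alert(1)</script>"  # constructed probe string
    print(render_widget_unsafe("summary", crafted))  # markup survives
    print(render_widget_safe("summary", crafted))    # markup is encoded
```

The same `render_widget_safe` serves both the stored case (a widget title read back from a database) and the reflected case (a title echoed from the request), which is why encoding belongs in the renderer rather than in whichever code path happened to receive the input.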
Apex Central vulnerabilities and patching
Beyond applying the patch, reviewing remote access to critical systems and ensuring that up-to-date policies and perimeter security are in place can provide an extra layer of defense. Trend Micro acknowledges the responsible disclosure of these vulnerabilities by security researchers.
The company has expressed gratitude to Poh Jia Hao of STAR Labs SG Pte. Ltd. and Pankaj Kumar Thakur of Green Tick Nepal Pvt. Ltd. for working collaboratively to address these issues and safeguard customers’ interests.
Customers can refer to the advisories published by Trend Micro’s Zero Day Initiative to find more information regarding these vulnerabilities.
The advisories, namely ZDI-CAN-17688, ZDI-CAN-17690, ZDI-CAN-18872, ZDI-CAN-18871, ZDI-CAN-18876, ZDI-CAN-18874, and ZDI-CAN-18867, provide additional insights and guidance on these Apex Central vulnerabilities.
Vulnerability management: Users still play catch-up
Faulty vulnerability management has exposed numerous organizations worldwide to the Cl0p ransomware group, which has been exploiting vulnerabilities in MOVEit Transfer to launch ransomware attacks against them.
Cl0p has previously used vulnerabilities in Fortra GoAnywhere MFT in February 2023 and the zero-day vulnerabilities in Accellion’s file-transfer software in December 2020.
Many of the vulnerabilities reported in May by various organizations pose a serious security risk, and the majority of them are remotely exploitable.
A considerable portion of vulnerabilities went unnoticed by common vulnerability databases. Approximately 34 percent of the disclosed vulnerabilities in May were rated as high-to-critical severity, indicating the potential for significant security breaches.
Organizations must streamline their vulnerability management efforts by prioritizing actionable vulnerabilities classified as high severity.
By focusing on vulnerabilities that are remotely exploitable, have public exploits, and have viable solutions, vulnerability management teams can potentially reduce their workload by nearly 88 percent, thereby enhancing their overall cybersecurity posture.
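The triage rule described above (high severity, remotely exploitable, public exploit available, fix available) is simple enough to encode and apply to a backlog. The block below is an added example for this article, not a tool from Trend Micro or any vendor; the backlog entries are constructed placeholders with invented `VULN-` identifiers, and the reduction figure it computes is for that constructed data only, not the 88 percent quoted above. It uses the standard CVSS v3.0 qualitative bands and splits the remainder into a second tier so nothing is silently dropped.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Vuln:
    ident: str                 # placeholder identifier, not a real CVE
    cvss: float                # CVSS v3.0 base score
    remotely_exploitable: bool
    public_exploit: bool
    fix_available: bool


# Constructed backlog of ten entries. Every field is an assumption chosen to
# exercise each branch of the triage rule.
SAMPLE_BACKLOG: List[Vuln] = [
    Vuln("VULN-01", 9.8, True,  True,  True),
    Vuln("VULN-02", 7.2, True,  True,  True),
    Vuln("VULN-03", 7.5, True,  False, True),   # no public exploit
    Vuln("VULN-04", 8.1, False, True,  True),   # local only
    Vuln("VULN-05", 7.8, True,  True,  False),  # no fix yet
    Vuln("VULN-06", 4.1, True,  True,  True),   # medium severity
    Vuln("VULN-07", 5.3, True,  True,  True),
    Vuln("VULN-08", 6.5, True,  True,  True),
    Vuln("VULN-09", 3.1, True,  True,  True),   # low severity
    Vuln("VULN-10", 9.1, True,  True,  True),
]


def severity(cvss: float) -> str:
    """CVSS v3.0 qualitative severity bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def is_actionable(v: Vuln) -> bool:
    """First-pass rule: high or critical, remote, public exploit, fix available."""
    return (
        severity(v.cvss) in ("high", "critical")
        and v.remotely_exploitable
        and v.public_exploit
        and v.fix_available
    )


def prioritize(vulns: List[Vuln]) -> List[Vuln]:
    """Actionable entries, highest CVSS first."""
    return sorted((v for v in vulns if is_actionable(v)), key=lambda v: -v.cvss)


def triage_tiers(vulns: List[Vuln]) -> Dict[str, List[str]]:
    """Tier 1: actionable now. Tier 2: high/critical but missing one criterion
    (watch for an exploit or a fix). Tier 3: everything else, scheduled."""
    tiers: Dict[str, List[str]] = {"tier1": [], "tier2": [], "tier3": []}
    for v in sorted(vulns, key=lambda v: -v.cvss):
        if is_actionable(v):
            tiers["tier1"].append(v.ident)
        elif severity(v.cvss) in ("high", "critical"):
            tiers["tier2"].append(v.ident)
        else:
            tiers["tier3"].append(v.ident)
    return tiers


def workload_reduction_pct(vulns: List[Vuln]) -> float:
    """Share of the backlog that drops out of the first pass, in percent."""
    if not vulns:
        return 0.0
    kept = len(prioritize(vulns))
    return round(100.0 * (len(vulns) - kept) / len(vulns), 1)


if __name__ == "__main__":
    print([v.ident for v in prioritize(SAMPLE_BACKLOG)])
    print(triage_tiers(SAMPLE_BACKLOG))
    print(workload_reduction_pct(SAMPLE_BACKLOG))
```

On this constructed backlog three of ten entries pass the first-pass rule, so the team's immediate queue shrinks by 70 percent; the tier-2 list is what to re-check when a public exploit or vendor fix appears, which is how the missed-by-databases problem mentioned above is kept visible rather than forgotten.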
Several incidents show how organizations have suffered from inadequate management of IT or OT vulnerabilities.
Examples include the NotPetya attack in 2017, which exploited vulnerabilities in unpatched or outdated software; the Triton/Trisis attack in 2017, which targeted a petrochemical plant’s safety systems; and the Colonial Pipeline attack in 2021, which exploited a compromised password and led to fuel shortages and disruptions.