Other official information and services: www.belgium.be

WARNING: ACTIVELY EXPLOITED CRITICAL ZERO-DAY VULNERABILITY AFFECTING TREND MICRO APEX ONE, APEX ONE SAAS AND VIRUS BUSTER BUSINESS SECURITY PRODUCTS. PATCH AND VERIFY YOUR SYSTEMS ASAP!

Reference:

Advisory #2023-111

Version:

1.0

Affected software:

Apex One version 2019

Apex One SaaS

Virus Buster Business Security (Biz) version 10.0 SP1

Virus Buster Business Security Service (VBBSS)

Type:

Remote Code Execution (RCE)

CVE/CVSS:

CVE-2023-41179

CVSS score: 9.1 (critical)

CVSSv3: 9.1: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Date:

20/09/2023

Sources

https://success.trendmicro.com/jp/solution/000294706 (in Japanese)

Risks

Trend Micro published a security advisory for an actively exploited 0-day critical vulnerability affecting multiple products. The vulnerability has a high impact on all vertices of the CIA triad (Confidentiality, Integrity, Availability).

Trend Micro reported that this vulnerability was under active exploitation.

The Centre for Cyber security Belgium recommends system administrators to patch vulnerable systems as soon as possible and to analyze system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.

Description

CVE-2023-41179 is an arbitrary code execution vulnerability related to the products’ ability to uninstall third-party security products.

Successful exploitation of this 0-day vulnerability could allow an attacker to execute arbitrary code. To exploit this vulnerability, an attacker would need to be able to log into the product's administrative console.

Because an attacker would need to have stolen the product's management console authentication information in advance, they would not be able to infiltrate the target network using this vulnerability alone.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends upgrading your software:

For Apex One version 2019: install the patch Service Pack 1 – Patch 1 (Build 12380)
For Apex One SaaS: the security agent version is fixed in the July 2023 maintenance reference 14.0.12637
For Biz version 10.0 SP1: install Patch 2495
For VBBSS versions 6.7.3578/14.3.1105: the issue was fixed in the July 31^st 2023 update

Additionally, Trend Micro recommends restricting access to the management console, and only allowing trusted networks to connect to it.