Attacker Value

High

(1 user assessed)

Exploitability

Low

(1 user assessed)

User Interaction

CVE-2023-41179

Disclosure Date: September 19, 2023 •

CVE-2023-41179 CVSS v3 Base Score: 7.2

Exploited in the Wild

Reported by cbeek-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

Add Assessment

ccondon-r7 (232)

February 11, 2024 6:38pm UTC (2 months ago)•Edited 2 months ago

Ratings

Attacker Value

High

Exploitability

Low

CISA KEV Listed Common in enterprise Gives privileged access Difficult to weaponize Requires elevated access

Technical Analysis

This was disclosed as 0day in September 2023 and then kind of never spoken of again, true to form for Trend Micro product 0days (exhibit 1, exhibit 2, exhibit 3). For CVE-2023-41179, exploitation requires an attacker to have admin console access on the target system, hence the low exploitability rating. As usual with these things, there don’t appear to be any public details.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.2 High

Impact Score:

5.9

Exploitability Score:

1.2

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

trendmicro

Products

apex one 2019,
worry-free business security 10.0,
worry-free business security services -

Exploited in the Wild

Reported by:

cbeek-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2023/09/21/cisa-adds-one-known-exploited-vulnerability-catalog)

Reported: September 22, 2023 7:15am UTC (7 months ago)

inokii indicated sources as

Vendor Advisory (https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US)
Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2023/09/21/cisa-adds-one-known-exploited-vulnerability-catalog)

Reported: September 22, 2023 7:45pm UTC (7 months ago)

References

Canonical

CVE-2023-41179 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41179)

Miscellaneous

https://success.trendmicro.com/solution/000294994

https://success.trendmicro.com/jp/solution/000294706

https://jvn.jp/en/vu/JVNVU90967486/

Rapid7

High

CVE-2023-41179

High

Low

None

High

Network

CVE-2023-41179

Description