CVE-2023-41179

moderate-risk

Published 2023-09-19

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

Do I need to act?

2.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (4)

Apex One

Worry-Free Business Security

Worry-Free Business Security Services

Affected Vendors

Trendmicro

References (7)

Third Party Advisory https://jvn.jp/en/vu/JVNVU90967486/

Broken Link https://success.trendmicro.com/jp/solution/000294706

Broken Link https://success.trendmicro.com/solution/000294994

Third Party Advisory https://jvn.jp/en/vu/JVNVU90967486/

Broken Link https://success.trendmicro.com/jp/solution/000294706

Broken Link https://success.trendmicro.com/solution/000294994

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 13/34 · Low

Exposure 10/34 · Low