Get in Touch
Please get in touch using the form below.
Trend Micro patches Remote Code Execution vulnerability
Overview
Trend Micro has released an update for their web-based management console, Apex Central. An arbitrary file upload vulnerability would allow remote code execution (RCE). The company reports that some attacks have been observed in the wild and they have contacted the affected customers.
Following the update, the US Cybersecurity and Infrastructure Security Agency (CISA) has ordered civilian agencies to patch it within the next three weeks.
Impact
A remote attacker could gain control of the admin panel and disable protections.
Vulnerability Detection
Check the running version.
Affected Products
- SaaS and on-prem
- Trend Micro Apex Central
Containment, Mitigations & Remediations
The on-prem version requires an update. The SaaS version has been updated automatically.
Indicators of Compromise
None listed.
Threat Landscape
Exploits have been observed in the wild and Trend Micro has reached out to these customers.
Mitre Methodologies
T1190 – Exploit Public-Facing Application