How can we help?
Trend Micro has released an update for their web-based management console, Apex Central. An arbitrary file upload vulnerability would allow remote code execution (RCE). The company reports that some attacks have been observed in the wild and they have contacted the affected customers.
Following the update, the US Cybersecurity and Infrastructure Security Agency (CISA) has ordered civilian agencies to patch it within the next three weeks.
A remote attacker could gain control of the admin panel and disable protections.
Check the running version.
- SaaS and on-prem
- Trend Micro Apex Central
Containment, Mitigations & Remediations
The on-prem version requires an update. The SaaS version has been updated automatically.
Indicators of Compromise
Exploits have been observed in the wild and Trend Micro has reached out to these customers.
T1190 – Exploit Public-Facing Application