OpenCVE

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trendmicro	Apex Central

Configuration 1 [-]

cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*

No data.

References

Link	Providers
https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-077/

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2024-01-23T20:41:10.369Z

Updated: 2024-08-02T22:55:41.057Z

Reserved: 2024-01-08T19:08:00.320Z

Link: CVE-2023-52324

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-23T21:15:09.337

Modified: 2024-11-21T08:39:34.067

Link: CVE-2023-52324

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*", "matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations.\r\n\r\nPlease note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos sin restricciones en Trend Micro Apex Central podr\u00eda permitir que un atacante remoto cree archivos arbitrarios en las instalaciones afectadas. Tenga en cuenta: aunque se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad, esta vulnerabilidad podr\u00eda explotarse cuando el atacante tenga un conjunto v\u00e1lido de credenciales. Adem\u00e1s, esta vulnerabilidad podr\u00eda usarse potencialmente en combinaci\u00f3n con otra vulnerabilidad para ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2023-52324", "lastModified": "2024-11-21T08:39:34.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T21:15:09.337", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-077/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-077/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}