Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in the Trend Micro Apex One management console. This issue arises from improper validation of user-supplied input, which can be exploited to execute arbitrary commands on the affected system. The vulnerability affects Apex One 2019 (On-prem) installations on Windows, as well as the SaaS version of Apex One as a Service and Trend Vision One Endpoint - Standard Endpoint Protection. The console listens on TCP ports 8080 and 4343 by default.

Impact

Exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system, with the executed code running in the context of the IUSR account.

Remediation

Trend Micro has released a Critical Patch for Apex One 2019 (On-prem) users. This patch can be downloaded from the Trend Micro Download Center. For Apex One as a Service and Trend Vision One Endpoint - Standard Endpoint Protection users, the update has already been applied via the latest SaaS updates.

Added: May 21, 2026, 2:48 PM
Updated: May 21, 2026, 2:48 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 7.5
exploitability: 7.2
remediation: 7.9
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.