External risk intelligence

Trend Micro Privilege Escalation Vulnerability.

CVE advisoryKnown Exploit

CVE-2021-36742

A vulnerability in Trend Micro products allows local attackers to elevate privileges. This impacts affected systems, potentially leading to unauthorized access and control, increasing business risk. Apply vendor updates to mitigate this threat.

1Halo Surface Signal

Trendmicro Officescan

xg10.02019

External exposure likelihood

Halo Surface Signal score for CVE-2021-36742

The vulnerability requires an attacker to already possess the ability to execute low-privileged code on the local target system. Because it is a local privilege escalation issue, it is not reachable via the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

The vulnerability lies within Trend Micro's Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security products. This flaw allows an attacker with low-privileged code execution on a target system to escalate their privileges. This could potentially lead to unauthorized access and control over the affected systems, impacting data integrity and business operations.

Privilege escalation on affected systems
Unauthorized access to sensitive data
Disruption of business operations

Attack Path

How an attacker could exploit the issue

This vulnerability allows a local attacker to gain higher privileges on an affected system. An attacker must first gain the ability to run low-privileged code on the target machine to exploit this issue. This could lead to unauthorized access and modification of system data.

Local execution of low-privileged code required.
Attacker escalates privileges.
System control or data impact.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow a local attacker with low-privileged code execution to elevate their privileges on affected Trend Micro systems. Successful exploitation could lead to significant data compromise and system control for the attacker. Organizations using vulnerable Trend Micro products should consider this a serious risk.

Attacker skill level: Low
Required access: Local code execution
Business risk: High, urgent action required

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A local privilege escalation vulnerability exists in specific Trend Micro products. Exploitation requires an attacker to first gain the ability to execute low-privileged code on the target system. Successful exploitation could allow an attacker to elevate their privileges on affected installations. This could increase business risk by potentially compromising system integrity and data confidentiality.

Identify all affected Trend Micro product installations.
Restrict execution of unauthorized code on affected systems.
Implement vendor-provided updates and confirm their successful application.
Monitor for any unusual system activity post-update.

Frequently asked questions

What products are affected by the Trend Micro privilege escalation vulnerability?

The vulnerability impacts Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security products. Specific versions include OfficeScan XG SP1, OfficeScan Business Security 10.0 SP1, Apex One 2019, and Worry-Free Business Security 10.0 SP1.

What is the weakness in Trend Micro products that allows privilege escalation?

The vulnerability is classified as an improper input validation vulnerability (CWE-20). This weakness means the software does not correctly check or handle data it receives, which can be exploited by an attacker.

What must an attacker do before exploiting CVE-2021-36742?

Before exploiting this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. This is a prerequisite for the privilege escalation to occur.

How does Halo Surface Signal assess the risk of CVE-2021-36742?

Halo Surface Signal assesses this CVE as 'Very unlikely' to be exploited remotely because it is a local privilege escalation issue and not reachable via the public internet. Exploitation requires an attacker to already have low-privileged code execution capabilities on the target system.

What steps should be taken to address this Trend Micro vulnerability?

Organizations should identify all affected Trend Micro product installations, restrict the execution of unauthorized code on these systems, and implement vendor-provided updates. Monitoring for unusual system activity after applying updates is also recommended.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.