Security software developer Trend Micro has patched recently a high severity vulnerability that could allow attackers to execute arbitrary code remotely from the Apex Central product management console.
While the security vulnerability that is affecting the Apex Central product management console is tracked as CVE-2022-26871. System administrators can manage Trend Micro products and services through Apex Central, a web-based management console.
You can also use this tool for manual component updating through pre-scheduled updates or updates that are performed directly.
- CVE ID: CVE-2022-26871
- Description: Arbitrary File Upload Remote Code Execution Vulnerability.
- NVD Published Date: 03/29/2022
- NVD Last Modified: 03/30/2022
- Source: Trend Micro, Inc.
- CVSS Score: NA
- Severity: High
- Summary: This issue affects the file handling module of the browser. It has a high severity arbitrary file upload vulnerability that could be exploited by the threat actors for RCE (Remote Code Execution).
Trend Micro Protection
In order to help protect Trend Micro products against the exploitation of these vulnerabilities, Trend Micro has released these IPS rules and filters. And here they are:-
- Trend Micro Cloud One – Workload Security / Deep Security: Rule 1011349 – Trend Micro Apex Central And Control Manager Remote Code Execution Vulnerability (CVE-2022-26871)
- Trend Micro Cloud One – Network Security / TippingPoint: Filter 41072: HTTP: Trend Micro Apex Central Arbitrary File Upload Vulnerability
- Trend Micro Deep Discovery Inspector: Rule 4673: CVE-2022-26871_HTTP_REMOTE_CODE_EXECUTION_EXPLOIT
While as a result of the disclosure of Trend Micro, the CISA has made the injunction that the federal agencies have only three weeks (within April 21, 2022) to patch the exploited Apex Central bug or these penalties will be imposed on them.
Moreover, a new set of solutions has been released by Trend Micro to resolve the issue:-
|Apex Central (on-prem)||Patch 3 (Build 6016)||Windows||Now Available|
|Apex Central (SaaS)*||March 9, 2022, Deployment (Build 6016)||SaaS||Already Deployed (March 9)|
In order for an attacker to be able to exploit these types of vulnerabilities, generally, they have to have access to a machine that is vulnerable.
Besides patching and updating, customers should review the remote access to critical systems and extend security to perimeters and policies.
The agency further advised that private and public sector organizations in the US should patch the exploited vulnerability as soon as possible to prevent their networks from being hacked.