Trend Micro has advised customers to update its Apex Central technology following the discovery of web-based attacks targeting a newly discovered vulnerability.
Both hosted and on-premises versions of the Apex Central web-based centralized management console are affected by a file upload vulnerability that poses a remote code execution (RCE) risk.
Put simply, flaws in a security dashboard that allows security teams to monitor endpoints for security compliance and threats make it possible for attackers to upload and subsequently execute malware within corporate environments. This has already happened in an unspecified but low number of hostile attacks, Trend Micro admits in a security notice:
"Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest version as soon as possible."
The hosted version of the technology is already updated, while security updates released by Trend Micro this week need to be applied to on-premises installations.
The CVE-2022-26871 vulnerability was discovered by Trend Micro Research. The Daily Swig asked the vendor to offer more information on the type of attacks it has seen, for example on whether they might be characterized as targeted attacks by a nation-state or similar, as well as some context on how its team came across the vulnerability.
No word back for now, but we’ll update this story as and when more information comes to hand.
Despite – or perhaps because of – the lack of hard facts, security experts are busy commenting on the impact of the flaw as well as criticising Trend Micro for leaving itself open to such a well-known class of web security vulnerability.
Source: https://portswigger.net/daily-swig/trend-micro-warns-of-active-attacks-against-apex-central-console