Trend Micro Apex Central Arbitrary File Upload Remote Code Execution (RCE) Vulnerability

Reference:
Advisory #2022-007

Version:
1.0

Affected software:
Trend Micro Apex Central 2019 (on-prem) prior to Build 6016 Trend Micro Apex Central (SaaS) prior to Build 202203

Type:
Arbitrary File Upload, Remote Code Execution

CVE/CVSS:

• CVE-2022-26871
• CVE-2022-26871
• CVSS- 8.6

Sources

Trend Micro: https://success.trendmicro.com/dcx/s/solution/000290678?language=en_US

Risks

Unpatched (on-premise) Trend Micro Apex Central systems will not properly check for file contents.

Trend Micro notes that the “(updated) SaaS version has already been deployed on the backend and no further action is required from SaaS customers on this issue.”

Description

Trend Micro Apex Central is a web-based console that provides centralized management for Trend Micro products and services and provides a single monitoring point for antivirus and content security products and services throughout the network.

On the 29^th of March 2022, Trend Micro published a security bulletin detailing the existence of an arbitrary file upload weakness, which if exploited, could lead to unauthenticated remote code execution.

Due to Trend Micro having observed active attempts of exploitation, organisations using on-premise deployments of Trend Micro Apex Central are strongly encouraged to update to the latest build as soon as possible.

Recommended Actions

Trend Micro notes that in addition to timely patching/updating of vulnerable systems, “customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”

References

• JPCert: https://www.jpcert.or.jp/english/at/2022/at220008.html
• BleepingComputer: https://www.bleepingcomputer.com/news/security/trend-micro-fixes-actively-exploited-remote-code-execution-bug/