CVE-2019-18188 - OpenCVE

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Apex One
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://success.trendmicro.com/solution/000151731	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2019-10-28T19:28:32

Updated: 2019-10-28T19:28:32

Reserved: 2019-10-17T00:00:00

Link: CVE-2019-18188

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-28T20:15:11.080

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-18188

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"containers": {"cna": {"affected": [{"product": "Trend Micro Apex One", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "All"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary File Upload with Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-28T19:28:32", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://success.trendmicro.com/solution/000151731"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2019-18188", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Apex One", "version": {"version_data": [{"version_value": "All"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Upload with Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://success.trendmicro.com/solution/000151731", "refsource": "MISC", "url": "https://success.trendmicro.com/solution/000151731"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2019-18188", "datePublished": "2019-10-28T19:28:32", "dateReserved": "2019-10-17T00:00:00", "dateUpdated": "2019-10-28T19:28:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*", "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication."}, {"lang": "es", "value": "Trend Micro Apex One podr\u00eda ser explotado por parte de un atacante utilizando una vulnerabilidad de inyecci\u00f3n de comandos para extraer archivos desde un archivo zip arbitrario hacia una carpeta espec\u00edfica en el servidor de Apex One, lo que podr\u00eda conllevar potencialmente a la ejecuci\u00f3n de c\u00f3digo remota (RCE). La ejecuci\u00f3n del proceso de forma remota est\u00e1 vinculada a la cuenta IUSR, que presenta permiso restringido y no es capaz de realizar cambios mayores en el sistema. Un intento de ataque requiere autenticaci\u00f3n del usuario."}], "id": "CVE-2019-18188", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-28T20:15:11.080", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000151731"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}