← Back to CVEs
CVE-2023-41179
HIGHCISA KEV7.2
Description
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published9/19/2023
Last Modified10/31/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorTrend Micro
ProductApex One and Worry-Free Business Security
Vulnerability NameTrend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
KEV Date Added2023-09-21
Remediation Due Date2023-10-12
Ransomware UseUnknown
Affected Products
microsoft:windowstrendmicro:apex_onetrendmicro:worry-free_business_securitytrendmicro:worry-free_business_security_services
Weaknesses (CWE)
CWE-94CWE-94
References
https://jvn.jp/en/vu/JVNVU90967486/(security@trendmicro.com)
https://success.trendmicro.com/jp/solution/000294706(security@trendmicro.com)
https://success.trendmicro.com/solution/000294994(security@trendmicro.com)
https://jvn.jp/en/vu/JVNVU90967486/(af854a3a-2127-422b-91ae-364da2661108)
https://success.trendmicro.com/jp/solution/000294706(af854a3a-2127-422b-91ae-364da2661108)
https://success.trendmicro.com/solution/000294994(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.