A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24563
Reference (s):
- https://success.trendmicro.com/solution/000271974
- URL: https://success.trendmicro.com/solution/000271974
- https://www.zerodayinitiative.com/advisories/ZDI-20-1218/
- URL: https://www.zerodayinitiative.com/advisories/ZDI-20-1218/