CVE-2024-58105 is a vulnerability identified in the Trend Micro Apex One Security Agent Plug-in User Interface Manager component. It allows a local attacker with low-privileged code execution capabilities to bypass existing security mechanisms and execute arbitrary code on affected systems. This vulnerability is distinct from but related to CVE-2024-58104, addressing an additional bypass vector. The vulnerability is classified under CWE-286, indicating an improper authorization issue. The CVSS v3.1 base score is 7.3, with vector metrics AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, meaning the attack requires local access, low complexity, low privileges, and user interaction, but results in high confidentiality, integrity, and availability impacts. No patches or exploits are currently publicly available, but the vulnerability poses a significant risk due to the potential for privilege escalation and arbitrary code execution within a security product, which could undermine endpoint protection. The affected version is Trend Micro Apex One 2019 (14.0).

If exploited, this vulnerability could allow an attacker who already has limited code execution capabilities on a system to escalate privileges and execute arbitrary code with higher privileges. This could lead to full compromise of the affected endpoint, including unauthorized access to sensitive data, disruption of security controls, and potential deployment of persistent malware. Since Trend Micro Apex One is widely used in enterprise environments for endpoint protection, successful exploitation could undermine organizational security posture, enabling attackers to evade detection and maintain persistence. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk in environments where attackers can gain initial footholds via phishing, insider threats, or other means. The absence of known exploits in the wild provides some immediate relief, but the vulnerability's high severity necessitates prompt attention.

Organizations should first verify if they are running Trend Micro Apex One 2019 (14.0) and monitor vendor communications for official patches or updates addressing CVE-2024-58105. In the absence of patches, apply the following mitigations: restrict local user permissions to minimize the ability to execute low-privileged code; implement application whitelisting to prevent unauthorized code execution; enhance endpoint monitoring to detect suspicious activities related to the Apex One UI Manager; enforce strict user interaction policies to reduce the risk of social engineering that could trigger exploitation; and conduct regular security awareness training to reduce the likelihood of user interaction with malicious content. Additionally, consider isolating critical systems and employing network segmentation to limit lateral movement if compromise occurs. Once patches are available, prioritize timely deployment to affected systems.