Manual Scan Command Injection Vulnerability in Trend Micro Deep Security 20 Agent Could Allow Privilege Escalation and Code Execution
CVE-2024-51503
Key Information
- Vendor
- Trend Micro
- Status
- Trend Micro Deep Security
- Vendor
- CVE Published:
- 19 November 2024
Badges
Summary
The vulnerability CVE-2024-51503 is a critical security flaw in the Trend Micro Deep Security 20 Agent, allowing attackers to execute arbitrary code on affected machines, potentially leading to privilege escalation across the domain. This vulnerability affects the manual scan feature within Trend Micro Deep Security, specifically on systems running Deep Security 20. The exploitation of this vulnerability requires the attacker to have local access to the system and domain user privileges. Trend Micro has released updated versions of the affected products to mitigate the vulnerability and strongly encourages users to apply these patches immediately. Despite the complexity of exploiting this flaw, Trend Micro advises customers to update to the latest builds of their software to ensure maximum security.
Affected Version(s)
Trend Micro Deep Security < 20.0.1-21510
News Articles
GBHackers NewsCVE-2024-51503Trend Micro Deep Security Vulnerable to Command Injection Attacks
Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent.
1 month ago
Refferences
CVSS V3.1
Timeline
- 👾
Exploit known to exist
First article discovered by GBHackers News
Vulnerability published