October 2024 - Trend Micro Vulnerabilities
CVE-2024-48904: Command Injection Vulnerability in Trend Micro Cloud Edge
A command injection vulnerability in Trend Micro Cloud Edge devices allows a remote attacker to execute arbitrary code on affected devices without requiring authentication.
- Release Date: October 22, 2024
- Features: This vulnerability enables code execution without authentication, granting attackers broad access and posing a significant security risk.
CVE-2024-48903: Privilege Escalation Vulnerability in Trend Micro Deep Security Agent 20
An improper access control vulnerability in Trend Micro Deep Security Agent 20 allows a local attacker to escalate privileges on the system. To exploit this vulnerability, the attacker must first have permission to run code with low-level privileges.
- Release Date: October 22, 2024
- Features: This vulnerability, allowing privilege escalation within the system, poses potential significant security risks.
CVE-2024-46903: Information Disclosure Vulnerability in Trend Micro Deep Discovery Inspector
This vulnerability, found in Trend Micro Deep Discovery Inspector (DDI) version 5.8 and later, allows attackers to access sensitive information. However, to exploit this vulnerability, the attacker must first have permission to execute low-privilege code.
- Release Date: October 22, 2024
- CVSS Score: 6.5 MEDIUM
- Features: This vulnerability poses a data security risk due to exposure of sensitive information.
CVE-2024-46902: Critical Information Disclosure Vulnerability in Trend Micro Deep Discovery Inspector
This vulnerability in Trend Micro Deep Discovery Inspector (DDI) version 5.8 and later allows a high-privilege (administrator-level) attacker to access sensitive information.
- Release Date: October 22, 2024
- CVSS Score: 9.1 CRITICAL
- Features: Access to sensitive information with administrator rights poses a serious threat to system security.
CVE-2024-45335: Virus Scanning Bypass Vulnerability in Trend Micro Antivirus One
A vulnerability in Trend Micro Antivirus One version 3.10.4 and earlier allows specially crafted malware to bypass scanning.
- Release Date: October 22, 2024
- CVSS Score: 5.5 MEDIUM
- Features: This scanning bypass capability allows attackers to hide malware and creates security risks.
CVE-2024-45334: Unauthorized Configuration Update Vulnerability in Trend Micro Antivirus One
In Trend Micro Antivirus One version 3.10.4 and earlier (Consumer version), an arbitrary configuration update vulnerability allows unauthorized individuals to access product configurations and functions.
- Release Date: October 22, 2024
- CVSS Score: 7.8 HIGH
- Features: Unauthorized configuration access can threaten user data security.
CVE-2024-41183: Privilege Escalation Vulnerability in Trend Micro VPN
In Trend Micro VPN version 5.8.1012 and earlier, a vulnerability exists under specific conditions that allows arbitrary file overwrite, potentially leading to privilege escalation.
- Release Date: October 22, 2024
- Features: File overwrite permissions enable attackers to gain greater control over the system.
CVE-2024-39753: SQL Injection Vulnerability in Trend Micro Apex One
A SQL injection vulnerability in the Trend Micro Apex One modOSCE allows a remote attacker to execute arbitrary code on the system. However, to exploit this vulnerability, the attacker must have permission to execute low-level code.
- Release Date: October 22, 2024
- Features: This SQL injection vulnerability allows attackers to manipulate data and perform malicious actions within the system.