CVE-2024-51503

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
OS Command Injection
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
trendmicroCNA
8 HIGH
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
trendmicrodeep_security_agent
20.0
trendmicrodeep_security_agent
20.0:update1337
trendmicrodeep_security_agent
20.0:update1559
trendmicrodeep_security_agent
20.0:update158
trendmicrodeep_security_agent
20.0:update167
trendmicrodeep_security_agent
20.0:update1681
trendmicrodeep_security_agent
20.0:update173
trendmicrodeep_security_agent
20.0:update180
trendmicrodeep_security_agent
20.0:update182
trendmicrodeep_security_agent
20.0:update1822
trendmicrodeep_security_agent
20.0:update183
trendmicrodeep_security_agent
20.0:update1876
trendmicrodeep_security_agent
20.0:update190
trendmicrodeep_security_agent
20.0:update198
trendmicrodeep_security_agent
20.0:update2009
trendmicrodeep_security_agent
20.0:update208
trendmicrodeep_security_agent
20.0:update213
trendmicrodeep_security_agent
20.0:update2204
trendmicrodeep_security_agent
20.0:update223
trendmicrodeep_security_agent
20.0:update224
trendmicrodeep_security_agent
20.0:update2395
trendmicrodeep_security_agent
20.0:update2419
trendmicrodeep_security_agent
20.0:update2593
trendmicrodeep_security_agent
20.0:update2740
trendmicrodeep_security_agent
20.0:update2921
trendmicrodeep_security_agent
20.0:update3165
trendmicrodeep_security_agent
20.0:update3288
trendmicrodeep_security_agent
20.0:update3445
trendmicrodeep_security_agent
20.0:update3530
trendmicrodeep_security_agent
20.0:update3771
trendmicrodeep_security_agent
20.0:update3964
trendmicrodeep_security_agent
20.0:update4185
trendmicrodeep_security_agent
20.0:update4416
trendmicrodeep_security_agent
20.0:update4726
trendmicrodeep_security_agent
20.0:update4959
trendmicrodeep_security_agent
20.0:update5137
trendmicrodeep_security_agent
20.0:update5394
trendmicrodeep_security_agent
20.0:update5512
trendmicrodeep_security_agent
20.0:update5761
trendmicrodeep_security_agent
20.0:update5810
trendmicrodeep_security_agent
20.0:update5995
trendmicrodeep_security_agent
20.0:update6313
trendmicrodeep_security_agent
20.0:update6690
trendmicrodeep_security_agent
20.0:update6860
trendmicrodeep_security_agent
20.0:update690
trendmicrodeep_security_agent
20.0:update7119
trendmicrodeep_security_agent
20.0:update7303
trendmicrodeep_security_agent
20.0:update7476
trendmicrodeep_security_agent
20.0:update7719
trendmicrodeep_security_agent
20.0:update7943
trendmicrodeep_security_agent
20.0:update8137
trendmicrodeep_security_agent
20.0:update8268
trendmicrodeep_security_agent
20.0:update8438
trendmicrodeep_security_agent
20.0:update877
trendmicrodeep_security_agent
20.0.1
trendmicrodeep_security_agent
20.0.1:update12510
trendmicrodeep_security_agent
20.0.1:update14610
trendmicrodeep_security_agent
20.0.1:update17380
trendmicrodeep_security_agent
20.0.1:update19250
trendmicrodeep_security_agent
20.0.1:update3180
trendmicrodeep_security_agent
20.0.1:update4540
trendmicrodeep_security_agent
20.0.1:update690
trendmicrodeep_security_agent
20.0.1:update7380
trendmicrodeep_security_agent
20.0.1:update9400
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/en-US/solution/KA-0018154
https://www.zerodayinitiative.com/advisories/ZDI-24-1516/