CVE-2024-51503

EPSS 0.87%
Published 19.11.2024 19:15:08
Last modified 04.09.2025 23:45:42
Source security@trendmicro.com
Teams watchlist Login
Open Login

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Deep Security Agent Version20.0 Update- SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate1337 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate1559 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate158 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate167 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate1681 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate173 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate180 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate182 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate1822 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate183 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate1876 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate190 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate198 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2009 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate208 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate213 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2204 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate223 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate224 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2395 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2419 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2593 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2740 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate2921 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate3165 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate3288 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate3445 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate3530 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate3771 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate3964 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate4185 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate4416 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate4726 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate4959 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate5137 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate5394 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate5512 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate5761 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate5810 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate5995 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate6313 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate6690 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate6860 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate690 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate7119 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate7303 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate7476 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate7719 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate7943 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate8137 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate8268 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate8438 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0 Updateupdate877 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate12510 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate14610 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate17380 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate19250 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate3180 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate4540 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate690 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate7380 SwEditionlong_term_support

Trendmicro ≫ Deep Security Agent Version20.0.1 Updateupdate9400 SwEditionlong_term_support

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.87%	0.744

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@trendmicro.com	8	1.3	6	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://success.trendmicro.com/en-US/solution/KA-0018154

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-1516/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-51503

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51503

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51503

EUVD