Vulnerability-Lookup

CVE-2024-51503 (GCVE-0-2024-51503)

Vulnerability from cvelistv5 – Published: 2024-11-19 19:00 – Updated: 2024-11-21 04:55

Summary

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Assigner

trendmicro

References

URL

	Vendor	Product	Version
	Trend Micro, Inc.	Trend Micro Deep Security	Affected: 20 , < 20.0.1-21510 (semver) cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:::long_term_support:::*

JVNDB-2024-014079

Vulnerability from jvndb - Published: 2024-12-06 12:11 - Updated:2024-12-06 12:11

Summary

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

Details

Trend Micro Incorporated has released the security updates for Deep Security Agent (for Windows) and Deep Security Notifier on DSVA (for Windows VM) to fix an OS command injection vulnerability (CWE-78, CVE-2024-48903). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU93693807/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-26871
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Trend Micro, Inc.	Deep Security Agent
	Trend Micro, Inc.	Deep Security Notifier

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014079.html",
  "dc:date": "2024-12-06T12:11+09:00",
  "dcterms:issued": "2024-12-06T12:11+09:00",
  "dcterms:modified": "2024-12-06T12:11+09:00",
  "description": "Trend Micro Incorporated has released the security updates for Deep Security Agent (for Windows) and Deep Security Notifier on DSVA (for Windows VM) to fix an OS command injection vulnerability (CWE-78, CVE-2024-48903).\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014079.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:deep_security_agent",
      "@product": "Deep Security Agent",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security_notifier",
      "@product": "Deep Security Notifier",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2024-014079",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93693807/index.html",
      "@id": "JVNVU#93693807",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-26871",
      "@id": "CVE-2024-51503",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection"
}

GHSA-W7P8-RXJG-J7WX

Vulnerability from github – Published: 2024-11-19 21:31 – Updated: 2024-11-19 21:31

Details

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.

Severity ?

8.0 (High)


                  
                    CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-51503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T19:15:08Z",
    "severity": "HIGH"
  },
  "details": "A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.",
  "id": "GHSA-w7p8-rxjg-j7wx",
  "modified": "2024-11-19T21:31:32Z",
  "published": "2024-11-19T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51503"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0018154"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2024-AVI-1002

Vulnerability from certfr_avis - Published: 2024-11-19 - Updated: 2024-11-19

Une vulnérabilité a été découverte dans les produits Trend Micro. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Trend Micro	Deep Security Agent	Deep Security Agent versions antérieures à 20.0.1-21510
	Trend Micro	Deep Security Notifier	Deep Security Notifier versions antérieures à 20.0.1

References

Title

Publication Time

FKIE_CVE-2024-51503

Vulnerability from fkie_nvd - Published: 2024-11-19 19:15 - Updated: 2025-09-04 23:45

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@trendmicro.com	https://success.trendmicro.com/en-US/solution/KA-0018154	Vendor Advisory
	security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-24-1516/	Third Party Advisory

Impacted products

Vendor	Product	Version
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1
trendmicro	deep_security_agent	20.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2395:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C1630066-82A7-45B6-8C9B-5E33544057E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5761:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA857632-5129-484C-9180-DC3B1A7A99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "46511E37-DEEC-4097-B63D-9E525D71569B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8438:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "1CDA7299-C070-405E-BE53-1B235D6C5CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:*:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "7B440DCA-7A22-407A-AF5F-C7AF14546160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C05839B1-B2FE-4AAA-9E62-DC913FA703ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D807E63A-41D5-4D70-8754-D7BA24A3872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D4C9B954-64D3-4C1C-8CAF-B12A3D25C842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "62C967EC-7A1D-4AD1-B09F-B99B3A7D11CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update3180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E28C9F7F-F7F4-4199-933B-4AE42F773F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update4540:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "24BFA08E-F1AA-45A0-A8E4-D8D073BADDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update7380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "05D1A109-AED2-41B2-A1E5-FBE77CE99949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CE53A47-01E2-4BB5-9411-80FE4C137F77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de comandos de escaneo manual del agente de seguridad en Trend Micro Deep Security 20 Agent podr\u00eda permitir que un atacante aumente los privilegios y ejecute c\u00f3digo arbitrario en una m\u00e1quina afectada. En determinadas circunstancias, los atacantes que tienen acceso leg\u00edtimo al dominio pueden inyectar comandos de forma remota en otras m\u00e1quinas del mismo dominio. Tenga en cuenta que un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para explotar esta vulnerabilidad de forma local y debe tener privilegios de usuario de dominio para afectar a otras m\u00e1quinas."
    }
  ],
  "id": "CVE-2024-51503",
  "lastModified": "2025-09-04T23:45:42.947",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-19T19:15:08.470",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0018154"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-51503 (GCVE-0-2024-51503)

JVNDB-2024-014079

GHSA-W7P8-RXJG-J7WX

CERTFR-2024-AVI-1002

Solutions

FKIE_CVE-2024-51503

Tags

Sightings

Nomenclature