RCE in Trendmicro Deep_security_agent
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers t…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.040 (89.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Trendmicro Deep_security_agent — versions 20.0, 20.0.1
- Trend Micro, Inc. Micro Deep Security — versions 20
Weakness classification (CWE)
References
- security@trendmicro.com (Vendor Advisory)
- security@trendmicro.com (Third Party Advisory)
Frequently asked questions
- What is CVE-2024-51503?
- CVE-2024-51503 is a high-severity vulnerability in Trendmicro Deep_security_agent, classified under OS Command Injection. CVSS score: 8.0/10. Published 2024-11-19.
- How severe is CVE-2024-51503?
- High severity. CVSS v3 base score is 8.0 out of 10.