CONTENT
Affected Version(s)
| Product | Affected Version(s) | Platform | Language(s) |
|---|---|---|---|
| Deep Security Agent | Versions before 20.0.1-21510 | Windows | English |
| Deep Security Notifier on DSVA | Version 20.0.0-8438 only | Windows VM | English |
Solution
Trend Micro has released the following solutions to address the issue:
| Product | Updated version | Notes | Platform | Availability |
|---|---|---|---|---|
| Deep Security Agent | Readme | Windows | Now Available | |
| Deep Security Notifier on DSVA |
Affected clients should install DSA 20.0.1 full package or above for updated Notifier function |
(See Upgrade Guide Section) |
Windows VM | Now Available |
These are the minimum recommended version(s) of the patches and/or builds required to address the issue. Trend Micro highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.
Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.
Vulnerability Details
CVE-2024-51503: Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
ZDI-CAN-25215
CVSSv3: 8.0: AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness: CWE-78: OS Command Injection
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
Mitigating Factors
Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.
However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.
Acknowledgement
Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers:
- Simon Zuckerbraun of Trend Micro's Zero Day Initiative
External Reference(s)
- ZDI-CAN-25215