Wednesday, May 7, 2025
HomeCVE/vulnerabilityTrend Micro Deep Security Vulnerable to Command Injection Attacks

Trend Micro Deep Security Vulnerable to Command Injection Attacks

Published on

SIEM as a Service

Follow Us on Google News

Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent.

This vulnerability, identified as a manual scan command injection flaw, allows attackers to execute arbitrary code on affected machines, potentially leading to privilege escalation across the domain.

This vulnerability affects the manual scan feature within Trend Micro Deep Security, specifically on systems running Deep Security 20.

- Advertisement - Google News

An attacker who can execute low-privileged code on a target system may use this flaw to escalate privileges and inject commands, posing a serious security threat in corporate environments.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Affected Products

ProductAffected Version(s)PlatformLanguage(s)
Deep Security AgentVersions before 20.0.1-21510WindowsEnglish
Deep Security Notifier on DSVAVersion 20.0.0-8438 onlyWindows VMEnglish

To mitigate this vulnerability, Trend Micro has released updated versions of the affected products. Users are strongly encouraged to apply these patches immediately.

Vulnerability Details

The vulnerability (CVE-2024-51503) is categorized as an OS command injection flaw that can lead to remote code execution.

Exploiting this flaw requires the attacker to have local access to the system and domain user privileges.

Once access is obtained, the attacker can inject malicious commands to execute arbitrary code on other machines in the same domain, leading to potential full compromise of the network.

Exploitation of this vulnerability requires the attacker to already have access to a vulnerable machine, either remotely or physically.

Trend Micro recommends timely application of patches, reviewing remote access policies, and ensuring up-to-date perimeter security.

Despite the complexity of exploiting this flaw, Trend Micro strongly advises customers to update to the latest builds of their software to ensure maximum security.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...