CVE-2024-48904 | THREATINT

Description

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability.

PUBLISHED Reserved 2024-10-09 | Published 2024-10-22 | Updated 2024-10-22 | Assigner trendmicro

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

5.6SP2, 7.0 (semver) before 5.6.3228, 7.0.1081

affected

References

success.trendmicro.com/en-US/solution/KA-0017998

www.zerodayinitiative.com/advisories/ZDI-24-1418/

cve.org (CVE-2024-48904)

nvd.nist.gov (CVE-2024-48904)

Download JSON