Trend Micro has revealed a critical vulnerability in Deep Security 20 Agent that could allow remote code execution on affected systems.
All about the Vulnerability – CVE-2024-51503
The vulnerability, identified as CVE-2024-51503, was discovered on November 18, 2024, and has a high severity rating with a CVSS 3.0 score of 8.0.
The flaw, tracked as ZDI-CAN-25215, is a command injection vulnerability affecting Windows-based Deep Security Agent versions before 20.0.1-21510 and Deep Security Notifier on DSVA version 20.0.0-8438.
This issue could allow an attacker to escalate privileges and execute arbitrary code on affected machines. The vulnerability is caused by an OS Command Injection weakness (CWE-78).
The vulnerability allows attackers with domain access to remotely inject commands on other machines within the same domain. However, exploiting it requires the attacker to first run low-privileged code on the target system.
Trend Micro has released a fix for this issue. Version 20.0.1-21510 (20 LTS Update 2024-10-16) is now available for Windows platforms.
Users of the Deep Security Notifier on DSVA should update to the DSA 20.0.1 full package or later to fix the Notifier function.
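To find Windows agents still below the fixed build, an inventory export can be checked against 20.0.1-21510. The script below is an added example, not Trend Micro code; the CSV columns, host names and sample versions are constructed, and accepting "." as well as "-" before the build number is an assumption.

```python
import csv
import io
import re

# Fixed Windows agent build named in the advisory text above.
FIXED = (20, 0, 1, 21510)

# Assumption: versions look like major.minor.patch-build ('.' also accepted).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)[-.](\d+)$")

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """\
hostname,platform,agent_version
web01,Windows,20.0.0-1000
db02,Windows,20.0.1-21510
app03,Windows,20.0.1.9999
lnx04,Linux,20.0.0-1000
old05,Windows,n/a
"""


def parse_version(text):
    """Parse 'major.minor.patch-build' into a tuple of ints, or return None."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def triage(inventory_csv):
    """Map each hostname to vulnerable / patched / not-applicable / unknown."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["hostname"]
        if row["platform"].strip().lower() != "windows":
            results[host] = "not-applicable"  # advisory covers Windows agents
            continue
        version = parse_version(row["agent_version"])
        if version is None or version[0] != 20:
            results[host] = "unknown"  # unparseable or not a 20.x agent: check by hand
        elif version < FIXED:
            # Numeric tuple comparison: build 9999 sorts below 21510,
            # which a plain string comparison would get wrong.
            results[host] = "vulnerable"
        else:
            results[host] = "patched"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```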
Cybersecurity experts stress the importance of applying patches promptly. While exploiting this vulnerability requires access to the machine, Trend Micro urges customers to update to the latest versions.
Organizations should also review remote access policies for critical systems and ensure perimeter security is up to date.
The vulnerability was discovered by Simon Zuckerbraun of Trend Micro’s Zero Day Initiative, highlighting the ongoing efforts to address cybersecurity risks. Experts recommend regular software updates and strong security practices to protect digital assets.