CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed
A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to execute arbitrary code on affected machines. The vulnerability, identified as CVE-2024-51503, has been addressed in the latest update.
The vulnerability stemmed from a lack of proper validation of user-supplied strings before they were used to execute system calls. This could have allowed attackers with legitimate access to the domain to remotely inject commands on other machines within the same domain.
“The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM,” reads the security advisory.
Trend Micro emphasized that exploitation requires the attacker to meet certain conditions. These include having initial access to execute low-privileged code on the target system and possessing domain user privileges to affect other machines.
The vulnerability was responsibly disclosed by Simon Zuckerbraun of Trend Micro’s Zero Day Initiative (ZDI).
Trend Micro has released an updated version of the Deep Security Agent, version 20.0.1-21510, to address this vulnerability. Users of the Deep Security Agent are strongly encouraged to update to the latest version as soon as possible.
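To check a fleet against the fixed build, the following added example (not Trend Micro's tooling and not part of the original article) classifies agent versions from an inventory export. The "host,version" line format, the sample hosts and their versions are constructed assumptions; only the fixed build 20.0.1-21510 comes from the article.

```python
import re

# Fixed build named in the article: 20.0.1-21510
FIXED = (20, 0, 1, 21510)

# Assumption: versions look like "20.0.1-21510"; a dot before the build is also accepted.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)[-.](\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Compare numerically: as strings, '9800' would wrongly sort above '21510'."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"          # missing or malformed data needs a manual check
    if v[0] != FIXED[0]:
        return "review"            # not the Deep Security 20 line the article covers
    return "patched" if v >= FIXED else "needs-update"


def audit(inventory_text):
    """Map each host in 'host,version' lines to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """\
# host,agent_version
app01,20.0.1-21510
app02,20.0.1-9800
app03,20.0.1-22000
db01,20.0.0-8438
legacy01,12.0.0-1234
kiosk07,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as "unparsed" or "review" are not confirmed safe; they need their agent version verified by other means.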
In addition to updating to the latest version, Trend Micro recommends that users review remote access to critical systems and ensure that their security policies and perimeter security are up-to-date.