Summary: Trend Micro has issued a critical security bulletin regarding a command injection vulnerability (CVE-2024-48904) in its Cloud Edge appliance, which could allow remote attackers to execute arbitrary code without authentication. Users are urged to update their appliances immediately to mitigate the risk associated with this severe vulnerability, which has a CVSS score of 9.8.
Threat Actor: Unknown | unknown
Victim: Trend Micro Cloud Edge users | Trend Micro Cloud Edge users
Key Point :
- Critical command injection vulnerability (CVE-2024-48904) with a CVSS score of 9.8.
- Remote attackers can execute arbitrary code without authentication on affected devices.
- Affected versions include Cloud Edge 5.6SP2 and 7.0; updates have been released to address the issue.
- Trend Micro recommends immediate updates and a review of security policies and remote access to critical systems.
Trend Micro has issued an urgent security bulletin warning users of a critical command injection vulnerability in its Cloud Edge appliance. This vulnerability, tracked as CVE-2024-48904 and assigned a CVSS score of 9.8, could allow a remote attacker to execute arbitrary code on affected devices without authentication.
“An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances,” the bulletin states, highlighting the severity of the issue.
Affected versions include Cloud Edge 5.6SP2 and 7.0. Trend Micro has released updated builds to address the vulnerability:
- Cloud Edge: 5.6 SP2 build 3228 & 7.0 build 1081
“These are the minimum recommended version(s) of the patches and/or builds required to address the issue,” the bulletin clarifies. “Trend Micro highly encourages customers to obtain the latest version of the product if there is a newer one available.”
While exploiting this vulnerability typically requires access to the vulnerable machine, the fact that authentication is not required makes it a serious threat. Trend Micro urges all users to update their Cloud Edge appliances immediately to mitigate the risk of potential attacks.
In addition to patching, Trend Micro recommends reviewing remote access to critical systems and ensuring that security policies and perimeter security are up-to-date.