Severity
High
Analysis Summary
CVE-2024-45335 CVSS:8.4
Trend Micro Antivirus One could allow a remote authenticated attacker to bypass security restrictions. By using a specifically crafted virus, an attacker could exploit this vulnerability to bypass and evade a virus scan detection.
CVE-2024-45334 CVSS:7.8
Trend Micro Antivirus One could allow a local authenticated attacker to bypass security restrictions. By using a specifically crafted virus, an attacker could exploit this vulnerability to access to product configurations and functions.
CVE-2024-48904 CVSS:9.8
Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the REST API. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-48903 CVSS:7.8
Trend Micro Deep Security could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control in the Anti-Malware Solution Platform, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Security Bypass
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-45335
- CVE-2024-45334
- CVE-2024-48904
- CVE-2024-48903
Affected Vendors
Affected Products
- Trend Micro Cloud Edge
- Trend Micro Deep Security
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade or suggested workaround information.