Analysis Summary

CVE-2024-45335 CVSS:8.4

Trend Micro Antivirus One could allow a remote authenticated attacker to bypass security restrictions. By using a specifically crafted virus, an attacker could exploit this vulnerability to bypass and evade a virus scan detection.

CVE-2024-45334 CVSS:7.8

Trend Micro Antivirus One could allow a local authenticated attacker to bypass security restrictions. By using a specifically crafted virus, an attacker could exploit this vulnerability to access to product configurations and functions.

CVE-2024-48904 CVSS:9.8

Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the REST API. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-48903 CVSS:7.8

Trend Micro Deep Security could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control in the Anti-Malware Solution Platform, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

Impact

• Security Bypass
• Code Execution
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-45335
• CVE-2024-45334
• CVE-2024-48904
• CVE-2024-48903

Affected Vendors

Remediation

Refer to Trend Micro Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-45335

CVE-2024-45334

CVE-2024-48904

CVE-2024-48903