cvelistv5 - cve-2024-48903

CVE-2024-48903 (GCVE-0-2024-48903)

Vulnerability from cvelistv5 – Published: 2024-10-22 18:28 – Updated: 2025-03-13 13:22

Summary

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Assigner

trendmicro

References

URL

Tags

	https://success.trendmicro.com/en-US/solution/KA-…
	https://www.zerodayinitiative.com/advisories/ZDI-…

Impacted products

	Vendor	Product	Version
	Trend Micro, Inc.	Trend Micro Deep Security Agent	Affected: 20 , < 20.0.1-17380 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trend_micro_inc:deep_security_agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trend_micro_inc",
            "versions": [
              {
                "lessThan": "20.0.1-17380",
                "status": "affected",
                "version": "20",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T19:11:41.658314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:22:14.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-17380",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-22T18:28:49.537Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-48903",
    "datePublished": "2024-10-22T18:28:49.537Z",
    "dateReserved": "2024-10-09T19:03:26.733Z",
    "dateUpdated": "2025-03-13T13:22:14.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\\r\\n\\r\\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security Agent 20 podr\\u00eda permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\\u00f3digo con pocos privilegios en el sistema de destino.\"}]",
      "id": "CVE-2024-48903",
      "lastModified": "2024-10-23T15:12:34.673",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-10-22T19:15:06.590",
      "references": "[{\"url\": \"https://success.trendmicro.com/en-US/solution/KA-0017997\", \"source\": \"security@trendmicro.com\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-1419/\", \"source\": \"security@trendmicro.com\"}]",
      "sourceIdentifier": "security@trendmicro.com",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-48903\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2024-10-22T19:15:06.590\",\"lastModified\":\"2025-07-31T16:07:18.630\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\\r\\n\\r\\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security Agent 20 podr\u00eda permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:*:update17380:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"20.0.1\",\"matchCriteriaId\":\"5C6B6887-472A-4732-A462-7B70262CB06C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/en-US/solution/KA-0017997\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-24-1419/\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-48903\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T19:11:41.658314Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:trend_micro_inc:deep_security_agent:*:*:*:*:*:*:*:*\"], \"vendor\": \"trend_micro_inc\", \"product\": \"deep_security_agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"20\", \"lessThan\": \"20.0.1-17380\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T19:13:47.671Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Trend Micro, Inc.\", \"product\": \"Trend Micro Deep Security Agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"20\", \"lessThan\": \"20.0.1-17380\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://success.trendmicro.com/en-US/solution/KA-0017997\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-1419/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\\r\\n\\r\\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\"}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2024-10-22T18:28:49.537Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-48903\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-13T13:22:14.725Z\", \"dateReserved\": \"2024-10-09T19:03:26.733Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2024-10-22T18:28:49.537Z\", \"assignerShortName\": \"trendmicro\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0880

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Trend Micro	N/A	Cloud Edge version 5.6 SP2 antérieures à 5.6 SP2 build 3228
Trend Micro	N/A	Deep Security Agent versions antérieures à 20.0.1-17380
Trend Micro	N/A	Cloud Edge version 7.0 antérieures à 7.0 build 1081

References

Title

Publication Time

Tags

Bulletin de sécurité Trend Micro KA-0017998	2024-10-15	vendor-advisory
Bulletin de sécurité Trend Micro KA-0017997	2024-10-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Edge version 5.6 SP2 ant\u00e9rieures \u00e0 5.6 SP2 build 3228",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Deep Security Agent versions ant\u00e9rieures \u00e0 20.0.1-17380",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Edge version 7.0 ant\u00e9rieures \u00e0 7.0 build 1081",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-48904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48904"
    },
    {
      "name": "CVE-2024-48903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48903"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0880",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
  "vendor_advisories": [
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0017998",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017998"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0017997",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
    }
  ]
}

CERTFR-2024-AVI-0880

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Trend Micro	N/A	Cloud Edge version 5.6 SP2 antérieures à 5.6 SP2 build 3228
Trend Micro	N/A	Deep Security Agent versions antérieures à 20.0.1-17380
Trend Micro	N/A	Cloud Edge version 7.0 antérieures à 7.0 build 1081

References

Title

Publication Time

Tags

Bulletin de sécurité Trend Micro KA-0017998	2024-10-15	vendor-advisory
Bulletin de sécurité Trend Micro KA-0017997	2024-10-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Edge version 5.6 SP2 ant\u00e9rieures \u00e0 5.6 SP2 build 3228",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Deep Security Agent versions ant\u00e9rieures \u00e0 20.0.1-17380",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Edge version 7.0 ant\u00e9rieures \u00e0 7.0 build 1081",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-48904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48904"
    },
    {
      "name": "CVE-2024-48903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48903"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0880",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
  "vendor_advisories": [
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0017998",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017998"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0017997",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
    }
  ]
}

WID-SEC-W-2024-3209

Vulnerability from csaf_certbund - Published: 2024-10-15 22:00 - Updated: 2024-10-15 22:00

Summary

Trend Micro Deep Security Agent: Schwachstelle ermöglicht Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Trend Micro Deep Security Agent dient der Umsetzung von Sicherheitsrichtlinien.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Deep Security Agent ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Trend Micro Deep Security Agent dient der Umsetzung von Sicherheitsrichtlinien.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Deep Security Agent ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3209 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3209.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3209 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3209"
      },
      {
        "category": "external",
        "summary": "Trend Micro Security Bulletin vom 2024-10-15",
        "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
      }
    ],
    "source_lang": "en-US",
    "title": "Trend Micro Deep Security Agent: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-10-15T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-16T11:15:12.890+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3209",
      "initial_release_date": "2024-10-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c20.0.1-17380",
                "product": {
                  "name": "Trend Micro Deep Security Agent \u003c20.0.1-17380",
                  "product_id": "T038451"
                }
              },
              {
                "category": "product_version",
                "name": "20.0.1-17380",
                "product": {
                  "name": "Trend Micro Deep Security Agent 20.0.1-17380",
                  "product_id": "T038451-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:trendmicro:deep_security_agent:20.0.1-17380"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Deep Security Agent"
          }
        ],
        "category": "vendor",
        "name": "Trend Micro"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-48903",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Trend Micro Deep Security Agent. Dieser Fehler existiert wegen einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erh\u00f6hen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038451"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-48903"
    }
  ]
}

JVNDB-2024-012017

Vulnerability from jvndb - Published: 2024-11-06 11:00 - Updated:2024-11-06 11:00

Summary

Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control

Details

Trend Micro Incorporated has released a security update for Deep Security 20 Agent (for Windows) to fix a improper access control vulnerability (CVE-2024-48903). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU96058081/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-48903

Impacted products

Vendor

Product

Trend Micro, Inc.

Deep Security Agent

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012017.html",
  "dc:date": "2024-11-06T11:00+09:00",
  "dcterms:issued": "2024-11-06T11:00+09:00",
  "dcterms:modified": "2024-11-06T11:00+09:00",
  "description": "Trend Micro Incorporated has released a security update for Deep Security 20 Agent (for Windows) to fix a improper access control vulnerability (CVE-2024-48903).\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012017.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:deep_security_agent",
    "@product": "Deep Security Agent",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2024-012017",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96058081/index.html",
      "@id": "JVNVU#96058081",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-48903",
      "@id": "CVE-2024-48903",
      "@source": "CVE"
    }
  ],
  "title": "Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control"
}

FKIE_CVE-2024-48903

Vulnerability from fkie_nvd - Published: 2024-10-22 19:15 - Updated: 2025-07-31 16:07

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@trendmicro.com	https://success.trendmicro.com/en-US/solution/KA-0017997	Vendor Advisory
	security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-24-1419/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	trendmicro	deep_security_agent	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "5C6B6887-472A-4732-A462-7B70262CB06C",
              "versionEndExcluding": "20.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security Agent 20 podr\u00eda permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino."
    }
  ],
  "id": "CVE-2024-48903",
  "lastModified": "2025-07-31T16:07:18.630",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-22T19:15:06.590",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-PGFM-49CM-23CX

Vulnerability from github – Published: 2024-10-22 21:30 – Updated: 2024-10-22 21:30

Details

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-48903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-22T19:15:06Z",
    "severity": "HIGH"
  },
  "details": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-pgfm-49cm-23cx",
  "modified": "2024-10-22T21:30:37Z",
  "published": "2024-10-22T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48903"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-48903 (GCVE-0-2024-48903)

CERTFR-2024-AVI-0880

Solutions

CERTFR-2024-AVI-0880

Solutions

WID-SEC-W-2024-3209

JVNDB-2024-012017

FKIE_CVE-2024-48903

GHSA-PGFM-49CM-23CX

Tags

Sightings

Nomenclature