A high-risk vulnerability (CVE-2024-48903) has been identified in Trend Micro Deep Security Agent, posing significant risks including privilege escalation and denial of service (DoS) attacks. Immediate action is recommended.
We want to alert all customers and relevant departments about a high-risk vulnerability identified in Trend Micro Deep Security Agent. This vulnerability, tagged CVE-2024-48903, has a CVSS score of 7.8 and is classified as Improper Access Control, allowing authenticated attackers to escalate privileges and execute Denial of Service (DoS) attacks.
If your organization is using a vulnerable version of this product, we highly recommend that you update to version 20.0.1-17380 or the latest version immediately to reduce the potential impact of this issue.
Details:
Name: Trend Micro Deep Security Agent
CVE: CVE-2024-48903
Risk Level: High
CVSS Score: 7.8
Issue: Local Privilege Escalation and Denial of Service (DoS)
Vulnerable Versions: All versions before 20.0.1-17380
Fixed Version: 20.0.1-17380 or later
Publication Date: October 15, 2024
Solution:It is critical to update Trend Micro Deep Security Agent to version 20.0.1-17380 or the latest version. Please refer to the following resources for patch details and further guidance:
Action Required:
Verify the product version your organization is using.
If affected, promptly update to the latest version.
Ensure all activities align with your organization’s Change Management Policy.
If your organization does not use the affected version, this message can be disregarded. However, regular patch management is always advised to maintain security.
Comments