CVE-2024-48904

Published Oct 22, 2024

Last updated 25 days ago

CVSS critical 9.8

Overview

Description
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability.
Source
security@trendmicro.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2024-48904

    @transilienceai

    17 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-48904

    @transilienceai

    12 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-48904

    @transilienceai

    5 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-48904

    @transilienceai

    4 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. [CVE-2024-48904: CRITICAL] Vulnerability alert: Command injection flaw in Trend Micro Cloud Edge enables remote attackers to run code on affected devices without authentication. #cybersecurity#cybersecurity,#vulnerability https://t.co/TcCjJbESVH https://t.co/B5vATgzyVO

    @CveFindCom

    22 Oct 2024

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Zafiyet Duyurusu: Trend Micro Cloud Edge Network Security 🚨 Daha fazla bilgi için: https://t.co/eq9rNC3R3K #CVE202448904 CVE-2024-48904 https://t.co/ppZuV2qSaU

    @cybSec4everyone

    20 Oct 2024

    103 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2024-38178 2 - CVE-2024-9264 3 - CVE-2024-48904 4 - CVE-2019-5790 5 - CVE-2024-7254 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    20 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 CVE-2024-48904: Trend Micro Cloud Edge Command Injection RCE Vulnerability (critical). [+] https://t.co/JAdb7pFmAF https://t.co/3RTLghthdR

    @1ZRR4H

    19 Oct 2024

    7739 Impressions

    39 Retweets

    91 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨🚨🚨 トレンドマイクロのCloud Edge(UTM製品)で認証なしのRCE脆弱性。 exploitにはいくつか条件が必要のようですが、早急にアップデートするようにとのこと。 CVE-2024-48904 SECURITY BULLETIN: Trend Micro Cloud Edge Command Injection RCE Vulnerability https://t.co/QWnctgpwbF

    @autumn_good_35

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨CVE Alert: Critical Trend Micro Cloud Edge Command Injection RCE Vulnerability🚨 Vulnerability Details: CVE-2024-48904(CVSS 9.8/10)Trend Micro Cloud Edge Command Injection RCE Vulnerability Impact A Successful exploit may allow a remote attacker to execute arbitrary code on

    @CyberxtronTech

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Trend Micro Cloud Edgeで重大(Critical)なコマンドインジェクションの脆弱性CVE-2024-48904が修正された。CVSSスコア9.8で、無認証で任意のコードを実行可能。 https://t.co/mc4xaNNjaq

    @__kokumoto

    2770 Impressions

    20 Retweets

    37 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  12. [ZDI-24-1418|CVE-2024-48904] Trend Micro Cloud Edge REST API Command Injection Remote Code Execution Vulnerability (CVSS 9.8) https://t.co/1l3PKn86LD

    @TheZDIBugs

    684 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨🚨🚨 トレンドマイクロのCloud Edge(UTM製品)で認証なしのRCE脆弱性。できる限り早急にアップデートするようにとのこと。 CVE-2024-48904 SECURITY BULLETIN: Trend Micro Cloud Edge Command Injection RCE Vulnerability https://t.co/QWnctgpwbF

    @autumn_good_35

    990 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨🚨CVE-2024-48904 (CVSS: 9.8) : Critical Command Injection Vulnerability in Trend Micro Cloud Edge ⚠️This flaw could allow a remote attacker to execute arbitrary code on affected devices without authentication. ZoomEye Dork👉app:"Trend Micro™ Cloud Edge" 266 results are found…

    @zoomeye_team

    448 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  15. Warning: Critical Command Injection in @TrendMicro Cloud Edge. #CVE-2024-48904 CVSS: 9.8. This could allow a remote attacker to execute arbitrary code on affected devices without authentication! #Patch #Patch #Patch https://t.co/UBOcROEBfX

    @CCBalert

    245 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Trend Micro fixes Critical Vulnerability CVE-2024-48904 #TrendMicro #CVE-2024-48904 https://t.co/5HtThLWOil

    @pravin_karthik

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References