PT-2024-7126 · Trend Micro · Trend Micro Cloud Edge
Published
2024-02-06
·
Updated
2025-07-31
·
CVE-2024-48904
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Trend Micro Cloud Edge (affected versions not specified)
Description
A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. The vulnerability is related to the REST API and can be exploited without authentication. The issue is due to the lack of proper data sanitization on the management level, allowing an attacker to send a specially crafted HTTP request to the TCP port 8443. This could enable a remote attacker to execute arbitrary code on affected devices without authentication.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Trend Micro Cloud Edge