Trend Micro has patched a command injection vulnerability in its Cloud Edge appliance that could allow a remote attacker to execute arbitrary code on affected devices without authentication.
This vulnerability, tracked as CVE-2024-48904 and assigned a CVSS score of 9.8 and affects the Cloud Edge 5.6SP2 and 7.0.
Advertisements
Exploiting this vulnerability typically requires access to the vulnerable machine, the fact that authentication is not required makes it a serious threat.
Trend Micro has released updated builds to address the vulnerability:
- Cloud Edge: 5.6 SP2 build 3228 & 7.0 build 1081
Trend Micro urges all users to update their Cloud Edge appliances to mitigate the risk of potential attacks.
