Trend Micro warns of critical vulnerability in Cloud Edge appliance
Take action: If you are using Trend Micro Cloud Edge appliance, this is an urgent action. Assemble the team, and apply the patch immediately. By it's very nature the appliance is communicating with the internet, and is a security product. It would be really bad if the hackers breach your security product.
Learn More
Trend Micro has issued an urgent security alert regarding a critical vulnerability in its Cloud Edge appliance. The Cloud Edge appliance is a unified threat management (UTM) solution that integrates both on-premises security and cloud-based scanning to provide robust network protection.
The flaw, tracked as CVE-2024-48904 (CVSS score 9.8) is a command injection flaw that could allow remote code execution without authentication on affected devices. If exploited, an attacker could execute arbitrary code, potentially compromising the system and any connected networks.The vulnerability impacts Cloud Edge versions 5.6SP2 and 7.0.
The company has released patched versions to remedy the issue:
- Cloud Edge 5.6 SP2 build 3228
- Cloud Edge 7.0 build 1081
Although no evidence of exploitation has been disclosed, the critical nature of this vulnerability makes it highly likely that malicious actors will attempt to leverage it. Given that no authentication is required to exploit the flaw, attackers could easily gain initial access to networks or escalate privileges within compromised systems.
Trend Micro urges all users to immediately update their Cloud Edge appliances to the latest patched versions.
