CVE-2024-45334 - Vulnerability Details - OpenCVE

Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Trend Micro Inc	Antivirus One
Trendmicro	Antivirus One

Configuration 1 [-]

cpe:2.3:a:trendmicro:antivirus_one:*:*:*:*:*:macos:*:*

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/TMKA-14461

History

Thu, 13 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Fri, 25 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendmicro Trendmicro antivirus One
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:trendmicro:antivirus_one::::::macos::*
Vendors & Products		Trendmicro Trendmicro antivirus One

Tue, 22 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trend Micro Inc Trend Micro Inc antivirus One
CPEs		cpe:2.3:a:trend_micro_inc:antivirus_one::::::::
Vendors & Products		Trend Micro Inc Trend Micro Inc antivirus One
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 18:45:00 +0000

Type	Values Removed	Values Added
Description		Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.
References		https://helpcenter.trendmicro.com/en-us/article/TMKA-14461
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2024-10-22T18:27:10.686Z

Updated: 2025-03-13T16:20:53.780Z

Reserved: 2024-08-27T16:15:25.077Z

Link: CVE-2024-45334

Vulnrichment

Updated: 2024-10-22T19:21:35.925Z

NVD

Status : Modified

Published: 2024-10-22T19:15:05.670

Modified: 2025-03-13T17:15:32.857

Link: CVE-2024-45334

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45334", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "state": "PUBLISHED", "assignerShortName": "trendmicro", "dateReserved": "2024-08-27T16:15:25.077Z", "datePublished": "2024-10-22T18:27:10.686Z", "dateUpdated": "2025-03-13T16:20:53.780Z"}, "containers": {"cna": {"affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro Antivirus One", "versions": [{"version": "3.10.4", "status": "affected", "versionType": "semver", "lessThan": "3.10.6"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-10-22T18:27:10.686Z"}, "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-14461"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "trend_micro_inc", "product": "antivirus_one", "cpes": ["cpe:2.3:a:trend_micro_inc:antivirus_one:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.10.4", "status": "affected", "lessThan": "3.10.6", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T19:19:54.729415Z", "id": "CVE-2024-45334", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T16:20:53.780Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45334", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-22T19:19:54.729415Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:trend_micro_inc:antivirus_one:*:*:*:*:*:*:*:*"], "vendor": "trend_micro_inc", "product": "antivirus_one", "versions": [{"status": "affected", "version": "3.10.4", "lessThan": "3.10.6", "versionType": "semver"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T19:21:35.925Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro Antivirus One", "versions": [{"status": "affected", "version": "3.10.4", "lessThan": "3.10.6", "versionType": "semver"}]}], "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-14461"}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-10-22T18:27:10.686Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45334", "state": "PUBLISHED", "dateUpdated": "2025-03-13T16:20:53.780Z", "dateReserved": "2024-08-27T16:15:25.077Z", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "datePublished": "2024-10-22T18:27:10.686Z", "assignerShortName": "trendmicro"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus_one:*:*:*:*:*:macos:*:*", "matchCriteriaId": "0EF1EBC8-B7CC-45F4-B61C-2C1E58FB136B", "versionEndExcluding": "3.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions."}, {"lang": "es", "value": "Trend Micro Antivirus One versiones 3.10.4 y anteriores (Consumidor) son vulnerables a una actualizaci\u00f3n de configuraci\u00f3n arbitraria que podr\u00eda permitir el acceso no autorizado a las configuraciones y funciones del producto."}], "id": "CVE-2024-45334", "lastModified": "2025-03-13T17:15:32.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "security@trendmicro.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-22T19:15:05.670", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-14461"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}