CVE-2024-45335 - Vulnerability Details - OpenCVE

Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Trend Micro Inc	Antivirus One
Trendmicro	Antivirus One

Configuration 1 [-]

cpe:2.3:a:trendmicro:antivirus_one:*:*:*:*:*:macos:*:*

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/tmka-07255

History

Thu, 13 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1037

Fri, 25 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendmicro Trendmicro antivirus One
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:trendmicro:antivirus_one::::::macos::*
Vendors & Products		Trendmicro Trendmicro antivirus One

Wed, 23 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trend Micro Inc Trend Micro Inc antivirus One
CPEs		cpe:2.3:a:trend_micro_inc:antivirus_one::::::::
Vendors & Products		Trend Micro Inc Trend Micro Inc antivirus One
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 18:45:00 +0000

Type	Values Removed	Values Added
Description		Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.
References		https://helpcenter.trendmicro.com/en-us/article/tmka-07255
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2024-10-22T18:27:58.171Z

Updated: 2025-03-13T15:02:04.676Z

Reserved: 2024-08-27T16:15:25.077Z

Link: CVE-2024-45335

Vulnrichment

Updated: 2024-10-22T19:17:58.432Z

NVD

Status : Modified

Published: 2024-10-22T19:15:05.840

Modified: 2025-03-13T15:15:48.360

Link: CVE-2024-45335

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45335", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "state": "PUBLISHED", "assignerShortName": "trendmicro", "dateReserved": "2024-08-27T16:15:25.077Z", "datePublished": "2024-10-22T18:27:58.171Z", "dateUpdated": "2025-03-13T15:02:04.676Z"}, "containers": {"cna": {"affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro Antivirus One", "versions": [{"version": "3.10.4", "status": "affected", "versionType": "semver", "lessThan": "3.10.6"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-10-22T18:27:58.171Z"}, "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07255"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1037", "lang": "en", "description": "CWE-1037 Processor Optimization Removal or Modification of Security-critical Code"}]}], "affected": [{"vendor": "trend_micro_inc", "product": "antivirus_one", "cpes": ["cpe:2.3:a:trend_micro_inc:antivirus_one:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.10.4", "status": "affected", "lessThan": "3.10.6", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T19:15:57.089569Z", "id": "CVE-2024-45335", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T15:02:04.676Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45335", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-22T19:15:57.089569Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:trend_micro_inc:antivirus_one:*:*:*:*:*:*:*:*"], "vendor": "trend_micro_inc", "product": "antivirus_one", "versions": [{"status": "affected", "version": "3.10.4", "lessThan": "3.10.6", "versionType": "semver"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1037", "description": "CWE-1037 Processor Optimization Removal or Modification of Security-critical Code"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T19:17:58.432Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro Antivirus One", "versions": [{"status": "affected", "version": "3.10.4", "lessThan": "3.10.6", "versionType": "semver"}]}], "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07255"}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-10-22T18:27:58.171Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45335", "state": "PUBLISHED", "dateUpdated": "2025-03-13T15:02:04.676Z", "dateReserved": "2024-08-27T16:15:25.077Z", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "datePublished": "2024-10-22T18:27:58.171Z", "assignerShortName": "trendmicro"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus_one:*:*:*:*:*:macos:*:*", "matchCriteriaId": "0EF1EBC8-B7CC-45F4-B61C-2C1E58FB136B", "versionEndExcluding": "3.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection."}, {"lang": "es", "value": " Trend Micro Antivirus One, versi\u00f3n 3.10.4 y anteriores contiene una vulnerabilidad que podr\u00eda permitir a un atacante utilizar un virus espec\u00edficamente manipulado para poder omitir y evadir la detecci\u00f3n de un an\u00e1lisis de virus."}], "id": "CVE-2024-45335", "lastModified": "2025-03-13T15:15:48.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@trendmicro.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-22T19:15:05.840", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07255"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1037"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}