CVE-2024-57695
BaseFortify
Publication date: 2025-11-11
Last updated on: 2026-01-02
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opswat | outpost_security_suite | 7.5.3 (3942.608.1810) |
| opswat | outpost_security_suite | 7.6 (3984.693.1842) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Agnitum Outpost Security Suite versions 7.5.3 and 7.6, where if the antivirus prompts the user to allow or deny a suspicious program and the user locks the workstation immediately after, the antivirus mistakenly interprets the lock action as implicit approval. This causes the antivirus to switch from a restrictive mode to a permissive mode, allowing previously blocked actions to proceed without explicit user consent. This flaw can be exploited using a simple script that launches a program, waits for the prompt, and then locks the workstation, effectively bypassing the antivirus's proactive protection. [2]
How can this vulnerability impact me?
This vulnerability can allow a local attacker to execute arbitrary code on the affected system by bypassing the antivirus's proactive protection. As a result, unauthorized programs or services can be installed and started without the user's explicit permission, potentially leading to system compromise, unauthorized access, or other malicious activities. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the exploit scenario on a system running vulnerable versions (7.5.3 or 7.6) of Agnitum Outpost Security Suite. A simple test involves running a batch script that launches a target executable, waits for the antivirus prompt, and then locks the workstation to see if the antivirus implicitly allows the action. The example batch commands are:

```bat
start 1.exe
ping 127.0.0.1 -n 10 -w 10000 > NULL
rundll32.exe user32.dll,LockWorkStation
```

If the action (such as installing or starting a service) succeeds despite the antivirus prompt, the vulnerability is present. [2]
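The launch, wait, lock sequence described above can also be looked for in process-creation telemetry instead of being reproduced. The following is an added example, not code from the advisory or the vendor: it flags a scripted `LockWorkStation` call whose parent process started other programs shortly before it. The event tuple layout, the 60-second window and the function name `find_scripted_locks` are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: (time, pid, parent pid, command line).
# The field layout is an assumption; map it from your own telemetry source.
SAMPLE_EVENTS = [
    ("2025-11-11T09:00:00", 4100, 900, "cmd.exe /c run.bat"),
    ("2025-11-11T09:00:01", 4112, 4100, "1.exe"),
    ("2025-11-11T09:00:01", 4120, 4100, "ping 127.0.0.1 -n 10 -w 10000"),
    ("2025-11-11T09:00:11", 4131, 4100, "rundll32.exe user32.dll,LockWorkStation"),
    # Benign: a scripted lock with no sibling launch from the same parent.
    ("2025-11-11T12:30:00", 5200, 880, "rundll32.exe user32.dll,LockWorkStation"),
]

# Matches the scripted lock call, with or without a path, quotes or extensions.
LOCK_RE = re.compile(
    r'rundll32(\.exe)?"?\s+"?user32(\.dll)?"?\s*,\s*LockWorkStation', re.I)

def find_scripted_locks(events, window_seconds=60):
    """Return (lock_time, parent_pid, sibling_cmdlines) for every scripted lock
    whose parent also started other processes within the window before it."""
    parsed = sorted((datetime.fromisoformat(t), pid, ppid, cmd)
                    for t, pid, ppid, cmd in events)
    window = timedelta(seconds=window_seconds)
    findings = []
    for when, pid, ppid, cmd in parsed:
        if not LOCK_RE.search(cmd):
            continue
        # Siblings: same parent, started at or before the lock, inside the window.
        siblings = [c for t, p, pp, c in parsed
                    if pp == ppid and p != pid
                    and timedelta(0) <= when - t <= window
                    and not LOCK_RE.search(c)]
        if siblings:
            findings.append((when.isoformat(), ppid, siblings))
    return findings

if __name__ == "__main__":
    for lock_time, parent, siblings in find_scripted_locks(SAMPLE_EVENTS):
        print(f"{lock_time} parent={parent} launched before lock: {siblings}")
```

A hit is a lead for review on hosts that still run the affected builds, since a script locking the workstation right after starting a program is uncommon but not inherently malicious.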
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Agnitum Outpost Security Suite to version 8.0 (4164.652.1856) or later, where the vulnerability has been fixed. Until the upgrade, avoid locking the workstation immediately after the antivirus prompts for permission, as this triggers the vulnerability. Additionally, consider disabling or limiting the proactive protection mode to reduce risk. [2]