CVE-2024-57695
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2026-01-02

Assigner: MITRE

Description
An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2026-01-02
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-15
NVD
CVE-2024-57695
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
opswat outpost_security_suite 7.5.3\(3942.608.1810\)
opswat outpost_security_suite 7.6\(3984.693.1842\)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Agnitum Outpost Security Suite versions 7.5.3 and 7.6, where if the antivirus prompts the user to allow or deny a suspicious program and the user locks the workstation immediately after, the antivirus mistakenly interprets the lock action as implicit approval. This causes the antivirus to switch from a restrictive mode to a permissive mode, allowing previously blocked actions to proceed without explicit user consent. This flaw can be exploited using a simple script that launches a program, waits for the prompt, and then locks the workstation, effectively bypassing the antivirus's proactive protection. [2]

Impact Analysis

This vulnerability can allow a local attacker to execute arbitrary code on the affected system by bypassing the antivirus's proactive protection. As a result, unauthorized programs or services can be installed and started without the user's explicit permission, potentially leading to system compromise, unauthorized access, or other malicious activities. [2]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the exploit scenario on a system running vulnerable versions (7.5.3 or 7.6) of Agnitum Outpost Security Suite. A simple test involves running a batch script that launches a target executable, waits for the antivirus prompt, and then locks the workstation to see if the antivirus implicitly allows the action. The example batch commands are: start 1.exe ping 127.0.0.1 -n 10 -w 10000 > NULL rundll32.exe user32.dll,LockWorkStation If the action (such as installing or starting a service) succeeds despite the antivirus prompt, the vulnerability is present. [2]

Mitigation Strategies

The immediate mitigation step is to upgrade Agnitum Outpost Security Suite to version 8.0 (4164.652.1856) or later, where the vulnerability has been fixed. Until the upgrade, avoid locking the workstation immediately after the antivirus prompts for permission, as this triggers the vulnerability. Additionally, consider disabling or limiting the proactive protection mode to reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-57695. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart