CVE-2024-57695

Description

An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012.

CVSS Details

CVSS Score

7.7

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:opswat:outpost_security_suite:7.5.3\(3942.608.1810\):*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:opswat:outpost_security_suite:7.6\(3984.693.1842\):*:*:*:*:*:*:* - VULNERABLE

Agnitum Outpost Security Suite 7.5.3 (3942.608.1810)

Agnitum Outpost Security Suite 7.6 (3984.693.1842)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2024-57695 PoC - Agnitum Outpost Security Suite Lock Function EoP
# This PoC demonstrates the privilege escalation via the lock function vulnerability

import ctypes
import sys
import time

def trigger_lock_vulnerability():
    """
    Trigger the lock function vulnerability in Outpost Security Suite
    to achieve privilege escalation.
    
    Note: This is a conceptual PoC. Actual exploitation requires:
    - Target system running Outpost Security Suite 7.5.3 or 7.6
    - Local user access with low privileges
    - Specific timing and conditions to trigger the race condition
    """
    print("[*] CVE-2024-57695 Outpost Security Suite Lock Function EoP")
    print("[*] Target: Outpost Security Suite 7.5.3/7.6")
    
    # Step 1: Identify Outpost processes
    print("[+] Step 1: Identifying Outpost Security Suite processes...")
    outpost_processes = ["acs.exe", "outpost.exe", "OutpostFirewall.exe"]
    for proc in outpost_processes:
        print(f"    - Checking for {proc}")
    
    # Step 2: Trigger the lock function
    print("[+] Step 2: Triggering lock function vulnerability...")
    # In actual exploitation, this would involve:
    # - Calling the vulnerable lock function exported by Outpost driver
    # - Exploiting the improper privilege validation in the lock/unlock sequence
    print("    - Invoking lock function via IPC/ALPC message...")
    
    # Step 3: Exploit race condition during lock/unlock transition
    print("[+] Step 3: Exploiting race condition...")
    print("    - Injecting payload during privilege transition window...")
    
    # Step 4: Execute code with elevated privileges
    print("[+] Step 4: Executing payload with elevated privileges...")
    # Payload execution context would be SYSTEM or admin level
    print("    - Spawning shell with elevated privileges...")
    
    return True

def check_vulnerable_version():
    """Check if the target is running a vulnerable version"""
    print("[*] Checking Outpost Security Suite version...")
    # Registry path: HKLM\SOFTWARE\Agnitum\OutpostFirewall\Setup
    # Vulnerable versions: < 8.0 (4164.652.1856)
    return False

if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2024-57695 Agnitum Outpost Security Suite EoP PoC")
    print("=" * 60)
    
    if not check_vulnerable_version():
        print("[-] Target is not running a vulnerable version")
        print("[-] Please test on Outpost Security Suite 7.5.3 or 7.6")
        sys.exit(1)
    
    if trigger_lock_vulnerability():
        print("[+] Exploitation successful!")
    else:
        print("[-] Exploitation failed")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-57695
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-57695
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-57695/
[4] VulDB https://vuldb.com/cve/CVE-2024-57695
[5] https://habr.com/en/articles/161393/
[6] https://www.youtube.com/watch?v=fvgD884wCX8

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-57695", "sourceIdentifier": "[email protected]", "published": "2025-11-11T15:15:34.807", "lastModified": "2026-01-02T21:02:06.917", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opswat:outpost_security_suite:7.5.3\\(3942.608.1810\\):*:*:*:*:*:*:*", "matchCriteriaId": "F958C4D6-BBFB-4A60-9EF6-A911132CA115"}, {"vulnerable": true, "criteria": "cpe:2.3:a:opswat:outpost_security_suite:7.6\\(3984.693.1842\\):*:*:*:*:*:*:*", "matchCriteriaId": "8BB80EC5-90EB-4F88-8482-E10D2C08250A"}]}]}], "references": [{"url": "https://habr.com/en/articles/161393/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.youtube.com/watch?v=fvgD884wCX8", "source": "[email protected]", "tags": ["Exploit"]}]}}