CVE-2024-57695
📋 TL;DR
A local privilege escalation vulnerability in Agnitum Outpost Security Suite allows attackers to execute arbitrary code via the lock function. This affects users of versions 7.5.3 and 7.6 on Windows systems. Attackers can gain elevated privileges on compromised systems.
💻 Affected Systems
- Agnitum Outpost Security Suite
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with administrative privileges, enabling installation of persistent malware, data theft, and lateral movement across the network.
Likely Case
Local attacker gains elevated privileges to install additional malware, disable security controls, or access sensitive data on the compromised system.
If Mitigated
Limited impact if proper access controls and monitoring are in place, though local privilege escalation still poses significant risk.
🎯 Exploit Status
Exploit details and proof-of-concept are publicly available in the provided references. Requires local access to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.0 (4164.652.1856)
Vendor Advisory: Not available - vendor no longer exists
Restart Required: Yes
Instructions:
1. Download version 8.0 or later from official sources.
2. Uninstall current vulnerable version.
3. Install updated version.
4. Restart system.
🔧 Temporary Workarounds
Disable lock function
Windows: Prevent exploitation by disabling or restricting access to the vulnerable lock function
Not applicable - configuration through GUI
Remove vulnerable software
Windows: Uninstall Agnitum Outpost Security Suite and replace with modern security software
Control Panel > Programs > Uninstall a program > Select Agnitum Outpost Security Suite > Uninstall
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local access
- Deploy application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check installed version: Open Outpost Security Suite > Help > About. If version is 7.5.3 (3942.608.1810) or 7.6 (3984.693.1842), system is vulnerable.
Check Version:
Not applicable - check through GUI only
Verify Fix Applied:
Verify version is 8.0 (4164.652.1856) or later in Help > About menu.
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from Outpost Security Suite components
- Failed privilege escalation attempts in Windows Event Logs
Network Indicators:
- Not applicable - local exploit only
SIEM Query:
EventID=4688 AND ProcessName LIKE '%outpost%' AND NewProcessName NOT IN (expected_outpost_processes)
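The SIEM query above, applied to exported process-creation records, as an added example that is not part of the original advisory or any vendor tooling. Assumptions: the query's ProcessName is taken to be the creating process (the ParentProcessName field of event 4688), and every path and file name in the allowlist and sample records is a constructed placeholder.

```python
import ntpath

# Placeholder allowlist (assumption): replace with the full paths of the child
# processes your own Outpost installation legitimately starts.
EXPECTED_OUTPOST_PROCESSES = {
    r"C:\Program Files\Example\Outpost\placeholder_ui.exe",
}

def _norm(path):
    """Normalise a Windows path: separators, '..' segments and case."""
    return ntpath.normcase(ntpath.normpath(path or ""))

def unexpected_outpost_children(events, expected=EXPECTED_OUTPOST_PROCESSES):
    """Return 4688 events whose creator path contains 'outpost' and whose
    new process is not on the allowlist (compared by full path)."""
    allowed = {_norm(p) for p in expected}
    hits = []
    for ev in events:
        if str(ev.get("EventID")) != "4688":   # exports may carry int or str
            continue
        parent = _norm(ev.get("ParentProcessName"))
        child = _norm(ev.get("NewProcessName"))
        if "outpost" in parent and child not in allowed:
            hits.append(ev)
    return hits

# Constructed sample records (not real telemetry).
SVC = r"C:\Program Files\Example\Outpost\placeholder_svc.exe"
SAMPLE_EVENTS = [
    {"EventID": 4688, "ParentProcessName": SVC,
     "NewProcessName": r"C:\Program Files\Example\Outpost\placeholder_ui.exe"},
    {"EventID": 4688, "ParentProcessName": SVC,
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4624, "ParentProcessName": SVC,
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    # Allowlisted file name, wrong directory: still reported.
    {"EventID": "4688", "ParentProcessName": SVC.upper(),
     "NewProcessName": r"C:\Users\Public\placeholder_ui.exe"},
    # Allowlisted path written with different case and separators.
    {"EventID": "4688", "ParentProcessName": SVC,
     "NewProcessName": "c:/program files/example/outpost/PLACEHOLDER_UI.EXE"},
]

if __name__ == "__main__":
    for ev in unexpected_outpost_children(SAMPLE_EVENTS):
        print(ev["ParentProcessName"], "->", ev["NewProcessName"])
```

Matching on the full normalised path rather than the file name keeps a binary that reuses an allowlisted name in another directory from passing the check.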