CVE-2024-57394

Published: Apr 21, 2025Modified: Jun 23, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities.

Affected (1)

Products: Qianxin: Tianqing Endpoint Security Management System

1 product

Tianqing Endpoint Security Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qianxin Tianqing Endpoint Security Management System	Version 10.0

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (2)

https://en.qianxin.com/product/detail/165

Source: cve@mitre.org

Product

https://github.com/cwjchoi01/CVE-2024-57394

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.