Privilege Escalation Vulnerability in Qi-ANXIN Tianqing Endpoint Security Management System
CVE-2024-57394

8.8HIGH

Key Information:

Vendor

Qi-ANXIN

Status
Tianqing Endpoint Security Management System
Vendor
CVE Published:
21 April 2025

What is CVE-2024-57394?

The Qi-ANXIN Tianqing Endpoint Security Management System v10.0 is vulnerable due to its quarantine-restore function, which permits users to retrieve malicious files to arbitrary file paths. This flaw can be exploited by attackers to introduce malicious DLL files into system paths, leveraging existing Windows DLL hijacking vulnerabilities to gain elevated privileges on affected systems.

References

https://en.qianxin.com/product/detail/165
https://github.com/cwjchoi01/CVE-2024-57394

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.