CVE-2024-57394

Name of the Vulnerable Software and Affected Versions Qi-ANXIN Tianqing Endpoint Security Management System version 10.0

Description The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System allows users to restore malicious files to arbitrary file paths. Attackers can exploit this by writing malicious DLLs to system paths and performing privilege escalation by leveraging Windows DLL hijacking vulnerabilities.

Recommendations For Qi-ANXIN Tianqing Endpoint Security Management System version 10.0, consider disabling the quarantine - restore function until a patch is available to prevent the restoration of malicious files to arbitrary paths. Restrict access to system paths where malicious DLLs could be written to minimize the risk of exploitation. Avoid using the quarantine - restore function with untrusted or potentially malicious files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.