CVE-2024-57394

HIGH

Qianxin Tianqing Endpoint Security Ma... - Privilege Escalation

Title source: rule

Description

The quarantine-restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows a user to restore a malicious file to an arbitrary file path. Attackers can write a malicious DLL to a system path and escalate privileges by leveraging Windows DLL hijacking vulnerabilities.

Exploits (1)

nomisec WORKING POC
by cwjchoi01 · poc
https://github.com/cwjchoi01/CVE-2024-57394

Scores

CVSS v3 8.8
EPSS 0.0040
EPSS Percentile 60.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-73
Status published
Products (1)
qianxin/tianqing_endpoint_security_management_system 10.0
Published Apr 21, 2025
Tracked Since Feb 18, 2026