CVE-2024-57695: n/a
An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012.
AI Analysis
Technical Summary
CVE-2024-57695 is a vulnerability identified in Agnitum Outpost Security Suite versions 7.5.3 (build 3942.608.1810) and 7.6 (build 3984.693.1842). The flaw resides in the 'lock' function of the software, which can be exploited by a local attacker to execute arbitrary code without requiring any privileges or user interaction. This vulnerability is classified under CWE-77, which relates to command injection issues. The attacker can leverage this flaw to compromise the confidentiality and integrity of the affected system by executing malicious code locally, potentially leading to unauthorized data access or system manipulation. The vulnerability does not affect system availability directly. The manufacturer addressed and fixed this issue in version 8.0 (build 4164.652.1856), released on December 17, 2012. Despite the fix being available for over a decade, the CVE was only published in 2025, indicating either a delayed disclosure or rediscovery. The CVSS v3.1 base score is 7.7, reflecting a high severity due to the ease of exploitation (low attack complexity), no privileges required, and significant impact on confidentiality and integrity. No known exploits have been reported in the wild, suggesting limited active exploitation currently. However, systems running these outdated versions remain vulnerable to local attackers who can gain access to the machine.
Potential Impact
For European organizations, this vulnerability poses a significant risk if they continue to use the affected versions of Agnitum Outpost Security Suite. The ability for a local attacker to execute arbitrary code can lead to unauthorized access to sensitive data, manipulation of system configurations, and potential lateral movement within the network. Confidentiality and integrity of critical information could be compromised, especially in environments where endpoint security software is trusted to enforce security policies. Although the attack requires local access, insider threats or attackers who have gained limited footholds could exploit this vulnerability to escalate privileges or maintain persistence. The lack of availability impact reduces the risk of denial-of-service but does not diminish the severity of data breaches or system compromise. European sectors with high security requirements, such as finance, healthcare, and government, could face regulatory and reputational damage if exploited. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially given the age of the fix and potential for unpatched legacy systems.
Mitigation Recommendations
The primary mitigation is to upgrade all instances of Agnitum Outpost Security Suite to version 8.0 or later, which contains the fix for this vulnerability. Organizations should conduct an inventory to identify any systems still running versions 7.5.3 or 7.6 and prioritize their upgrade. In environments where upgrading is not immediately feasible, restrict local access to trusted personnel only and implement strict endpoint access controls and monitoring to detect suspicious activities. Employ application whitelisting and behavior-based endpoint detection to identify attempts to exploit the lock function. Regularly audit and harden local user permissions to minimize the risk of unauthorized local code execution. Additionally, educate staff about the risks of local attacks and enforce policies to prevent unauthorized physical or remote local access. Finally, maintain up-to-date threat intelligence feeds to monitor for any emerging exploit attempts targeting this vulnerability.
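The inventory step recommended above can be run over an asset export, as in the following added example (not part of the original advisory or of any vendor tooling). The CSV column names and host names are constructed assumptions; the version and build numbers are those stated in the description, and anything the advisory does not list is flagged for review rather than cleared.

```python
import csv
import io

# Affected versions/builds and the fixed release, as stated in the advisory.
AFFECTED = {"7.5.3": "3942.608.1810", "7.6": "3984.693.1842"}

def _nums(text):
    """'7.6.0' -> (7, 6); trailing zeros dropped, ValueError if non-numeric."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

FIXED_VERSION = _nums("8.0")
FIXED_BUILD = _nums("4164.652.1856")

# Constructed sample export; hosts and column layout are illustrative only.
SAMPLE_INVENTORY = """host,product,version,build
ws-014,Outpost Security Suite,7.5.3,3942.608.1810
ws-022,Outpost Security Suite,7.6,3984.693.1842
ws-031,Outpost Security Suite,8.0,4164.652.1856
ws-047,Outpost Security Suite,7.0,
ws-052,Other Product,7.6,
"""

def classify(version, build=""):
    """Return 'affected', 'fixed' or 'review' for one installed copy."""
    try:
        ver = _nums(version)
        bld = _nums(build) if build.strip() else None
    except ValueError:
        return "review"  # unparseable version data needs a human look
    for listed_ver, listed_build in AFFECTED.items():
        if ver == _nums(listed_ver) or bld == _nums(listed_build):
            return "affected"
    if ver >= FIXED_VERSION and (bld is None or bld >= FIXED_BUILD):
        return "fixed"
    # Older 7.x releases, or an 8.0 build below the fixed one, are not
    # covered by the advisory text, so they are flagged instead of cleared.
    return "review"

def triage(csv_text, product="outpost security suite"):
    """Map host -> status for inventory rows whose product name matches."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["version"], r["build"] or "")
            for r in rows if product in r["product"].lower()}
```

Hosts returned as `affected` are the upgrade priority; `review` entries need a manual check because the advisory does not state whether other pre-8.0 releases are vulnerable.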
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-01-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69134ea49f8eafcdda031b12
Added to database: 11/11/2025, 2:56:36 PM
Last enriched: 11/18/2025, 3:24:27 PM
Last updated: 12/27/2025, 2:37:05 AM