Privilege Escalation Vulnerability in Samsung Magician Software
CVE-2024-31952

6.7MEDIUM

Key Information:

Vendor: Samsung
Status: Magician
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-31952?

An identified issue exists within the Samsung Magician software on macOS, specifically version 8.0.0. The installation process employs symbolic links, which could be exploited by an attacker who already possesses user privileges. During the installation phase, if an administrator password is provided, the attacker can manipulate file permissions arbitrarily, leading to potential privilege escalation. This vulnerability underscores the importance of addressing security concerns related to software installation practices.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024