Path Traversal Vulnerability Affects Quick Share Agent Versions
CVE-2024-49421

4.3MEDIUM

Key Information:

Vendor

Samsung
Status
Quick Share Agent
Vendor
CVE Published:
3 December 2024

Badges

šŸ“ˆ Score: 337šŸ“° News Worthy

What is CVE-2024-49421?

CVE-2024-49421 is a path traversal vulnerability found in the Quick Share Agent software developed by Samsung. This software is designed to facilitate the seamless sharing of files between devices within the same network. The vulnerability allows attackers with adjacent access to manipulate file paths, granting them the ability to write files to arbitrary locations on the system. This could lead to compromised systems, unauthorized file modifications, and potential exploitation by malicious actors, posing significant risks to organizations relying on this software for file sharing.

Technical Details

CVE-2024-49421 affects versions of Quick Share Agent prior to 3.5.14.47 for Android 12, 3.5.19.41 for Android 13, and 3.5.19.42 for Android 14. The flaw stems from improper validation of user input related to file paths. Because of this misconfiguration, attackers can create crafted requests that manipulate the file paths, leading the software to perform unauthorized actions such as writing files outside of intended directories. This vulnerability can potentially be exploited to plant malicious files on affected devices.

Potential Impact of CVE-2024-49421

  1. Unauthorized File Manipulation: Attackers could exploit this vulnerability to write files to sensitive areas of the filesystem, resulting in data corruption or unauthorized data access.

  2. Escalation of Privileges: By manipulating file paths, attackers may gain elevated privileges, allowing them to perform further malicious activities or deploy additional malware within the system.

  3. Compromise of Confidential Information: The ability to read or write files arbitrarily could lead to unauthorized access to confidential information, resulting in data breaches and loss of sensitive organizational data.

Affected Version(s)

Quick Share Agent 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14

News Articles

favicon imageGBHackers News

Galaxy S24 Vulnerability Poses Risk of Unauthorized File Access

A critical security flaw in Samsungā€™s Quick Share feature for the Galaxy S24 series has been disclosed, enabling attackers to create arbitrary files on vulnerable devices.

1 month ago

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • šŸ“°

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

.