Attackers can create arbitrary folders in system directory via symbolic link in Samsung Magician 8.1.0 installer
CVE-2024-53921

2.8LOW

Key Information:

Vendor: Samsung
Status: Magician
Vendor: CVE Published:; 3 December 2024

What is CVE-2024-53921?

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2024