Arbitrary File Write Vulnerability in Samsung MagicINFO 9 Server
CVE-2024-7399
Key Information:
- Vendor: Samsung Electronics
- Status: Vendor
- CVE Published: 12 August 2024
What is CVE-2024-7399?
CVE-2024-7399 is an improper limitation of a pathname to a restricted directory (path traversal) vulnerability in Samsung MagicINFO 9 Server, the software Samsung sells for managing digital-signage content across fleets of displays. In versions before 21.1050 the server does not confine a caller-supplied file path to its intended storage directory, so an attacker can write arbitrary files on the host with system authority. Because the server runs with that level of privilege, a successful exploit puts every file on the host within reach, with consequences ranging from service disruption and data loss to unauthorized access to sensitive information and, as the news items below report, deployment of malware.
Technical Details
The flaw in CVE-2024-7399 is a failure to validate the pathname used when the server stores a file: in versions of Samsung MagicINFO 9 Server before 21.1050, a path supplied by the caller is not confined to the storage directory, so traversal sequences or an absolute path let an attacker create or overwrite files in arbitrary locations on the server. Because the write happens with system authority, no file on the host is protected by permissions alone. An arbitrary file write on a web server is usually one step from code execution: dropping a file where the application will execute it, or overwriting a configuration or binary the service loads. That is what the articles listed on this page describe, with the vulnerability being exploited without authentication to take over servers and deploy malware. The fix is to upgrade to 21.1050 or later; the server, not the displays it manages, is the vulnerable component.
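The bug class described above, as an added example that is not MagicINFO code and does not reproduce the product's actual vulnerable endpoint (which this page does not name): a minimal file-storage handler that joins a caller-supplied name onto its storage directory, beside a hardened version that canonicalizes the result and checks that it stays inside the directory. The directory layout, file names and contents are constructed for the demonstration. It also covers two cases a fix often misses: an absolute path that `os.path.join` silently uses in place of the base, and a sibling directory whose name merely starts with the base name.

```python
"""Path traversal in a file-storage handler: vulnerable vs hardened.

Added example (not MagicINFO code). Models the bug class named on the
page, CWE-22 "improper limitation of a pathname to a restricted
directory": a caller-supplied name is joined onto a storage directory
without checking that the resulting path stays inside it.
"""
import os
import tempfile


def store_vulnerable(base: str, name: str, data: bytes) -> str:
    # Vulnerable: os.path.join trusts `name`. "../" climbs out of `base`,
    # and an absolute `name` makes join discard `base` entirely.
    target = os.path.join(base, name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as f:
        f.write(data)
    return os.path.realpath(target)


def store_hardened(base: str, name: str, data: bytes) -> str:
    # Hardened: resolve symlinks and ".." on both sides, then require the
    # resolved target to sit strictly inside the resolved base. A plain
    # startswith() check is not enough: "/srv/store" is a string prefix of
    # "/srv/store_evil", but commonpath() compares whole path components.
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if target == base_real or os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"refusing to write outside {base_real}: {name!r}")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as f:
        f.write(data)
    return target


def demo() -> dict:
    """Constructed scenario: a 'store' directory next to an 'outside'
    directory, and upload names chosen to escape from one to the other."""
    root = tempfile.mkdtemp()
    store = os.path.join(root, "store")
    outside = os.path.join(root, "outside")
    os.makedirs(store)
    os.makedirs(outside)
    payload = b"placeholder content"  # constructed, deliberately inert

    # 1. The vulnerable handler lets "../" walk out of the store directory.
    written = store_vulnerable(store, "../outside/escaped.txt", payload)
    escaped = os.path.dirname(written) == os.path.realpath(outside)

    def blocked(name: str) -> bool:
        try:
            store_hardened(store, name, payload)
            return False
        except ValueError:
            return True

    # 2. The hardened handler rejects traversal, a sibling-name prefix
    #    trick, and an absolute path; a benign relative name still works.
    result = {
        "escaped": escaped,
        "blocked_traversal": blocked("../outside/escaped.txt"),
        "blocked_prefix": blocked("../store_evil/x.txt"),
        "blocked_absolute": blocked(os.path.join(outside, "abs.txt")),
    }
    ok = store_hardened(store, "content/poster.png", b"\x89PNG")
    result["benign_inside"] = ok.startswith(os.path.realpath(store) + os.sep)
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the vulnerable handler placing a file in `outside/` while the hardened one rejects all three hostile names and still accepts `content/poster.png`. The containment check belongs on the resolved path, after `realpath`, because a check on the raw string can be defeated by `..` segments and by symlinks already present under the storage directory.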
Potential impact of CVE-2024-7399
- Data Compromise: An attacker who can write any file as system authority can also overwrite the files that control access to data on the server, so confidential organizational information held by the MagicINFO server is at risk of exposure.
- Service Disruption: Replacing or corrupting the files the server depends on (configuration, application code, content) disrupts every service that relies on the MagicINFO 9 Server, including the organization's ability to push content to its displays.
- Escalation of Attacks: Turning the file write into code execution with system-level privileges gives the attacker a foothold from which to pivot into the rest of the network. The timeline on this page records use in ransomware, which is the usual end state of such a pivot.
Affected Version(s)
MagicINFO 9 Server (Windows): all versions before 21.1050
News Articles
- Confusion Reigns as Threat Actors Exploit Samsung MagicInfo Flaw: Researchers spot in-the-wild exploits of Samsung MagicInfo despite recent patch (4 days ago)
- Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) - Help Net Security: An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO is being leveraged by attackers (4 days ago)
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks: Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware (6 days ago)
Timeline
- Vulnerability started trending
- Used in ransomware
- Exploit known to exist
- First article discovered by SecurityWeek
- Vulnerability published
- Vulnerability reserved