CVE-2024-7399
In short
Samsung MagicINFO 9 Server versions before 21.1050 have a flaw that allows attackers to write files anywhere on the system with administrative privileges. This is dangerous because it can lead to complete system compromise.
Technical detail
Path traversal vulnerability (CWE-22) combined with unrestricted file upload (CWE-434) in Samsung MagicINFO 9 Server before version 21.1050 enables remote attackers to bypass directory restrictions and write arbitrary files with system-level permissions. Exploitation requires network access to the affected server and results in complete system compromise through arbitrary code execution or configuration manipulation.
Summary generated and translated by AI from the official description.
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 allows attackers to write arbitrary files as system authority.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Samsung Electronics · MagicINFO 9 Server
Public PoCs found: 1
GitHub: github.com/davidxbors/CVE-2024-7399-POC (★ 0)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.