- Security researchers have seen a bug in Samsung MagicINFO 9 Server abused in the wild
- It is being used to deploy malware
- The bug was fixed in August 2024, so users should patch now
Cybercriminals are abusing a vulnerability in Samsung MagicINFO 9 Server that was fixed almost a year ago.
Cybersecurity researchers from SSD Disclosure have published an in-depth analysis and proof of concept (POC) for the vulnerability in the company’s digital content management system (CMS).
It is used to manage, schedule and monitor multimedia content on Samsung smart displays, and is a popular solution in industries such as retail and transport.
POC and abuse
In August 2024, Samsung announced a fix for a remote code execution vulnerability. The company described it as an “improper limitation of a pathname to a restricted directory vulnerability allowing attackers to write arbitrary files as system authority”. It is tracked as CVE-2024-7399 and received a severity score of 8.8/10 (high).
BleepingComputer described it as an ability to upload malware via a file upload feature intended for updating display content. Samsung addressed it in version 21.1050.
Although the flaw was fixed almost a year ago, threat actors are still finding unpatched endpoints to target. The SSD Disclosure write-up said that attackers upload malicious .jsp files via an unauthenticated POST request.
In addition, the security company Arctic Wolf noted that, several days after the release of the POC, it observed the flaw being exploited in attacks.
“Given the low barrier to exploitation and the availability of a public POC, threat actors are likely to continue to target this vulnerability,” the researchers said.
We do not know how successful these attacks are, who the threat actors are, or how many organizations have fallen victim. We also do not know whether the threat actors are focusing on a specific industry or simply casting a wide net.
In any case, organizations using Samsung MagicINFO 9 Server are advised to apply the latest patch, or at least bring their software to version 21.1050, to mitigate the risk.
Via BleepingComputer