- Security researchers have seen a flaw in the Samsung MagicINFO 9 Server exploited in the wild
- It is being used to deploy malware
- The flaw was fixed in August 2024, so users should patch now
Cybercriminals are exploiting a vulnerability in the Samsung MagicINFO 9 Server that was patched almost a year ago.
Security researchers at SSD-Disclosure published an in-depth analysis and a proof of concept (PoC) for the flaw in the company's digital signage content management system.
The product is used to manage, schedule and monitor multimedia content on Samsung smart displays, and is a popular solution in industries such as retail and transport.
PoC and exploitation
In August 2024, Samsung announced a fix for a remote code execution vulnerability. It described the bug as an “improper limitation of a pathname to a restricted directory vulnerability that allows attackers to write arbitrary files as system authority.” It is tracked as CVE-2024-7399 and was given a severity score of 8.8/10 (high).
BleepingComputer described it as the ability to upload malware through a file upload feature intended for updating display content. Samsung addressed it in version 21.1050.
Despite the fix being almost a year old, threat actors are still finding unpatched endpoints to target. SSD-Disclosure said the attackers are uploading malicious .JSP files via an unauthenticated POST request.
In addition, the security firm Arctic Wolf noted that, a few days after the PoC was released, it observed the flaw being leveraged in attacks.
“Given the low barrier to exploitation and the availability of a public PoC, it is likely that threat actors will continue to target this vulnerability,” the researchers said.
We do not know how successful these attacks have been, who the threat actors are, or how many organizations have fallen victim. Nor do we know whether the threat actors are focusing on any specific industry, or simply casting a wide net.
In any case, organizations running the Samsung MagicINFO 9 Server are advised to apply the latest patch, or at least update their software to version 21.1050, to mitigate the risk.
Via BleepingComputer
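As an added illustration of the two defensive checks this article implies, and not code from the article, Samsung or any of the researchers cited: a small Python script that flags upload requests carrying path-traversal sequences or server-side script names in constructed web-server log lines, and compares an installed version against the fixed release 21.1050. The upload endpoint path and the trailing quoted "fileName=" field in the log lines are assumptions for the example, not the product's real endpoint or log format.

```python
import re
from urllib.parse import unquote

# Release in which Samsung addressed CVE-2024-7399 (per the article).
FIXED_VERSION = "21.1050"

# Constructed sample log lines (not real MagicINFO logs). The last quoted field
# is an assumed extra field recording the submitted file name; the /upload path
# is a placeholder, not the product's actual endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [05/May/2025:10:01:12 +0000] "POST /MagicInfo/upload HTTP/1.1" 200 512 "-" "python-requests/2.31" "fileName=..%2F..%2Fwebapps%2FROOT%2Fupdate.jsp"
198.51.100.9 - - [05/May/2025:10:02:40 +0000] "POST /MagicInfo/upload HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "fileName=promo_spring.mp4"
198.51.100.9 - - [05/May/2025:10:03:05 +0000] "GET /MagicInfo/content/promo_spring.mp4 HTTP/1.1" 200 4096 "-" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)" "(?P<params>[^"]*)"$'
)
# "../" or "..\" as a whole path component, at the start or after a separator.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def is_suspicious_upload(line):
    """Return (ip, file name, reasons) for an upload that looks abusive, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or "/upload" not in m["path"]:
        return None
    params = unquote(unquote(m["params"]))  # also catch double-encoded names
    fname = params.split("fileName=", 1)[1] if "fileName=" in params else ""
    reasons = []
    if TRAVERSAL.search(fname):
        reasons.append("path traversal in file name")
    if fname.lower().endswith((".jsp", ".jspx")):
        reasons.append("server-side script uploaded")
    return (m["ip"], fname, reasons) if reasons else None


def scan(log_text):
    """Run the upload check over every line and keep only the hits."""
    return [r for r in (is_suspicious_upload(l) for l in log_text.splitlines()) if r]


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def is_patched(installed):
    """True when the installed MagicINFO version is at or above the fixed release."""
    return version_tuple(installed) >= version_tuple(FIXED_VERSION)


if __name__ == "__main__":
    for ip, fname, reasons in scan(SAMPLE_LOG):
        print(f"{ip} uploaded {fname!r}: {', '.join(reasons)}")
    print("patched:", is_patched("21.1040"))
```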