PT-2024-38323 · Samsung · Samsung MagicINFO 9 Server

Published: 2024-08-03 · Updated: 2026-04-27 · CVE-2024-7399

CVSS v3.1: 9.8 (Critical) · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Samsung MagicINFO 9 Server versions prior to 21.1050

Description: An improper limitation of a pathname to a restricted directory (path traversal) allows unauthenticated remote attackers to write arbitrary files with system authority. The issue lies in the getFileFromMultipartFile function and its use of HttpServletRequest.getParameter(): the server builds a file system path by combining a constant directory, a timestamp, and the request-supplied fileName variable without validating that the result stays inside the intended directory. Attackers can exploit this to upload malicious JSP scripts outside the intended directory, leading to remote code execution. This flaw has been actively exploited in the wild by the Mirai botnet to hijack digital signage systems and was used in a breach of a real estate company, where an attacker gained system access and dumped a database containing an estimated 200,000 to 300,000 customer records.

Recommendations: Update Samsung MagicINFO 9 Server to version 21.1050 or newer.
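The path construction the description refers to, as an added illustration (not MagicINFO's own code; the upload root, timestamp layout and allow-list are assumptions). The vulnerable variant joins the constant directory, the timestamp and the user-supplied name with no checks, so the computed path can leave the upload root; the hardened variant restricts the name to a safe character set, rejects dot segments, enforces an extension allow-list and finally verifies that the normalised path is still under the root. The containment check is also usable on its own to audit how an existing server computes upload targets.

```python
import os
import re

# Constructed example values; the real server paths are not named in the advisory.
UPLOAD_ROOT = "/opt/magicinfo/uploads"            # assumed constant directory
ALLOWED_EXTENSIONS = {".png", ".jpg", ".mp4"}    # assumed allow-list for media uploads
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,100}")  # no separators, no control characters


def vulnerable_target_path(file_name: str, timestamp: int) -> str:
    """Pattern the advisory describes: constant directory + timestamp + fileName,
    joined with no validation. file_name comes straight from the request."""
    return os.path.join(UPLOAD_ROOT, str(timestamp), file_name)


def escapes_root(candidate: str, root: str = UPLOAD_ROOT) -> bool:
    """True when the normalised candidate path is not contained in root.
    Works on strings only, so it does not depend on the directory existing."""
    normalised = os.path.normpath(candidate)
    return os.path.commonpath([normalised, os.path.normpath(root)]) != os.path.normpath(root)


def hardened_target_path(file_name: str, timestamp: int) -> str:
    """Same layout, but the name is validated before it touches the path and the
    final path is checked against the root (defence in depth)."""
    if not SAFE_NAME.fullmatch(file_name) or ".." in file_name or file_name.startswith("."):
        raise ValueError("rejected file name")
    if os.path.splitext(file_name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    candidate = os.path.normpath(os.path.join(UPLOAD_ROOT, str(timestamp), file_name))
    if escapes_root(candidate):
        raise ValueError("path escapes upload root")
    return candidate


def is_rejected(file_name: str, timestamp: int = 1700000000) -> bool:
    """Convenience wrapper: does the hardened builder refuse this name?"""
    try:
        hardened_target_path(file_name, timestamp)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ts = 1700000000
    for name in ["logo.png", "../../outside.jsp", "shell.jsp"]:
        vulnerable = vulnerable_target_path(name, ts)
        print(f"{name!r}: vulnerable -> {os.path.normpath(vulnerable)} "
              f"(escapes root: {escapes_root(vulnerable)}), hardened rejects: {is_rejected(name, ts)}")
```

The two checks that matter for this CWE are the character allow-list on the name (so a separator or dot segment never reaches the path API) and the post-normalisation containment check (so a future change to how the path is assembled cannot silently reintroduce the escape). The extension allow-list is what turns "arbitrary file write" into "write of an inert media file", which is why it belongs next to the traversal fix rather than being treated as a separate concern.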

Tags: Fix · RCE · Path traversal · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: BDU:2025-05642, CVE-2024-7399, ZDI-24-1128

Affected Products: Samsung MagicINFO 9 Server