PT-2024-38323 · Samsung · Samsung Magicinfo 9 Server

Published: 2024-08-03 · Updated: 2026-03-22 · CVE-2024-7399

CVSS v2.0: 9.0 (High), vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Samsung MagicINFO 9 Server versions prior to 21.1050
Description: The issue is an improper limitation of a pathname to a restricted directory (path traversal) in Samsung MagicINFO 9 Server. It allows attackers to write arbitrary files with system privileges, enabling remote code execution without authentication. The Mirai botnet is actively exploiting this vulnerability, and exploitation has been observed in real-world attacks. The flaw lies in the getFileFromMultipartFile function, which does not properly validate the path when handling file uploads; an attacker can therefore upload JSP scripts outside the permitted directory and use them to execute commands on the server.
Recommendations: To resolve the issue, update Samsung MagicINFO 9 Server to version 21.1050 or later. If the update cannot be applied immediately, restrict access to the vulnerable getFileFromMultipartFile function as a temporary workaround, and avoid using it to upload files until the update is in place.
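The defect class described above, shown as an added illustration rather than the vendor's code (MagicINFO is a Java server; this is a Python sketch with a constructed upload root): the vulnerable pattern joins the client-supplied multipart filename straight onto the restricted directory, while the hardened version rejects separators, dot segments and server-executable extensions and then verifies that the resolved path is still inside the root.

```python
from pathlib import Path

# Constructed example root; not MagicINFO's real upload directory.
UPLOAD_ROOT = Path("/srv/magicinfo/uploads")
# Extensions a servlet container would execute if they landed under a web root.
BLOCKED_SUFFIXES = {".jsp", ".jspx", ".jspf", ".jsw", ".jsv"}


class UnsafeUploadName(ValueError):
    """Raised when a client-supplied multipart filename must not be used."""


def escapes_root(target: Path, root: Path) -> bool:
    """True if the fully resolved target is not strictly beneath root."""
    root_r = root.resolve(strict=False)
    return root_r not in target.resolve(strict=False).parents


def naive_upload_target(client_filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Vulnerable pattern: trust the multipart filename and join it to the root.
    '..' segments and absolute names walk out of the restricted directory."""
    return (root / client_filename).resolve(strict=False)


def safe_upload_target(client_filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Hardened pattern: validate the name, then confirm containment of the
    resolved path before returning it. Rejects rather than repairs bad names."""
    if not client_filename or "\x00" in client_filename:
        raise UnsafeUploadName("empty or NUL-containing filename")
    normalized = client_filename.replace("\\", "/")  # treat both separators alike
    if "/" in normalized or normalized in (".", ".."):
        raise UnsafeUploadName(f"separators or dot segments in {client_filename!r}")
    if Path(normalized).suffix.lower() in BLOCKED_SUFFIXES:
        raise UnsafeUploadName(f"server-executable extension in {client_filename!r}")
    target = (root / normalized).resolve(strict=False)
    if escapes_root(target, root):  # containment check after full resolution
        raise UnsafeUploadName("resolved path leaves the upload root")
    return target


def is_accepted(client_filename: str, root: Path = UPLOAD_ROOT) -> bool:
    """Convenience wrapper: does the hardened handler accept this name?"""
    try:
        safe_upload_target(client_filename, root)
        return True
    except UnsafeUploadName:
        return False
```

The same containment check (resolve, then verify the root is an ancestor) is what the Java handler needs; the extension denylist is a second layer for the case where the upload root is itself web-reachable.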

Fix

RCE

Path traversal

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-05642
CVE-2024-7399
ZDI-24-1128

Affected Products

Samsung Magicinfo 9 Server