Cyber Resilience

CVE-2024-7399

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 12 August 2024
Modified: 24 April 2026
KEV added: 24 April 2026
Patch: available (see References)
CVSS v3.1 score: 8.8 (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.7289 (98.8th percentile)
Risk priority: 81 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-7399 is a high-severity Path Traversal (CWE-22) vulnerability in Samsung MagicINFO 9 Server. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-7399 is a path traversal vulnerability, also described under CWE-434, that stems from improper limitation of a pathname to a restricted directory. It affects Samsung MagicINFO 9 Server versions prior to 21.1050 and permits an attacker to write arbitrary files with system-level authority. The flaw carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and low privileges required.

An authenticated attacker with low privileges can send specially crafted requests over the network to upload or write files outside intended directories. Successful exploitation grants the ability to modify system files, potentially leading to full control over confidentiality, integrity, and availability of the affected server.

Samsung has published security updates addressing the issue at its security portal. The vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, and Arctic Wolf has reported observed exploitation attempts in the wild. The associated EPSS score reached a peak of 0.8440 before receding to its current value of 0.7289.

EU & UK References

Vulnerability details

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary files as system authority.

CWE(s): CWE-22 (Path Traversal); also described under CWE-434
KEV date added: 24 April 2026

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Samsung MagicINFO 9 Server, versions ≤ 21.1050.0

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Directly requires validation of pathnames and file inputs to block traversal sequences that enable arbitrary system-level file writes.

Prevent (AC-3, Access Enforcement): Enforces access-control decisions on file-system objects so that low-privileged sessions cannot write outside authorized directories even if a traversal string is supplied.

Prevent (least privilege): Limits the privileges of the MagicINFO process and authenticated accounts, reducing the impact of any successful path-traversal write to something less than full system authority.
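An added example, not code from this site or from Samsung, of the two checks the SI-10 and AC-3 controls describe, applied to a hypothetical upload handler: the function names, the upload root and the sample file names are assumptions, and the containment check is the part that holds even when input validation is bypassed.

```python
import os


class UnsafePathError(ValueError):
    """Raised when a client-supplied file name would land outside the upload root."""


def resolve_upload_path(upload_root: str, client_name: str) -> str:
    """Map a client-supplied file name to an absolute path inside upload_root, or raise.

    Two layers, matching the controls above:
      1. input validation (SI-10): reject names the handler should never accept;
      2. containment enforcement (AC-3): canonicalise the joined path and confirm it
         is still under the root, so a symlink or an oddity that survived step 1
         cannot turn an upload into an arbitrary-file write.
    Run this on the fully decoded value (after URL/percent decoding), never before.
    """
    if not client_name or "\x00" in client_name:
        raise UnsafePathError("empty name or embedded NUL byte")
    # Treat backslash as a separator as well: the server typically runs on Windows,
    # and a check that only knows '/' is defeated by a backslash-separated '..'.
    name = client_name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise UnsafePathError("absolute path or drive letter not allowed")
    if any(segment in ("..", ".") for segment in name.split("/")):
        raise UnsafePathError("traversal segment in name")
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, name))
    # Compare against root plus a separator so a sibling directory sharing the
    # prefix (for example /srv/uploads2 next to /srv/uploads) is not accepted.
    if candidate != root and not candidate.startswith(root + os.sep):
        raise UnsafePathError("resolved path escapes the upload root")
    return candidate


def is_safe_upload_name(upload_root: str, client_name: str) -> bool:
    """Boolean wrapper, convenient for logging rejected requests or for unit tests."""
    try:
        resolve_upload_path(upload_root, client_name)
        return True
    except UnsafePathError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/magicinfo/uploads"  # assumed upload root, not a real MagicINFO path
    for sample in ("content/2024/poster.png", "../../outside.txt", "..\\..\\outside.txt"):
        verdict = "accepted" if is_safe_upload_name(ROOT, sample) else "rejected"
        print(f"{sample!r:32} -> {verdict}")
```

Logging every UnsafePathError with the session identity gives a simple detection signal for traversal attempts against the upload endpoint.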

References