CVE-2024-7399
Published: 12 August 2024
Summary
CVE-2024-7399 is a high-severity Path Traversal (CWE-22) vulnerability in Samsung Magicinfo 9 Server. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-7399 is a path traversal vulnerability, also described under CWE-434, that stems from improper limitation of a pathname to a restricted directory. It affects Samsung MagicINFO 9 Server versions prior to 21.1050 and permits an attacker to write arbitrary files with system-level authority. The flaw carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low attack complexity, and low privileges required.
An authenticated attacker with low privileges can send specially crafted requests over the network to upload or write files outside intended directories. Successful exploitation grants the ability to modify system files, potentially leading to full control over confidentiality, integrity, and availability of the affected server.
Samsung has published security updates addressing the issue at its security portal. The vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, and Arctic Wolf has reported observed exploitation attempts in the wild. The associated EPSS score reached a peak of 0.8440 before receding to its current value of 0.7289.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48330
Vulnerability details
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 allows attackers to write arbitrary files as system authority.
- CWE(s): CWE-22
- KEV Date Added: 24 April 2026
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of pathnames and file inputs to block traversal sequences that enable arbitrary system-level file writes.
- AC-3 (Access Enforcement): Enforces access-control decisions on file-system objects so that low-privileged sessions cannot write outside authorized directories even if a traversal string is supplied.
- Limits the privileges of the MagicINFO process and authenticated accounts, reducing the impact of any successful path-traversal write to something less than full system authority.
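The SI-10 and AC-3 controls above amount to one concrete check before any server-side file write: canonicalize the client-supplied path and refuse it unless it lands inside the intended directory. The following is an added illustration of that check, not Samsung's code; the upload root, the helper names and the sample request paths are assumptions constructed for the example.

```python
# Added example (not from the advisory or from Samsung): confine a client-supplied
# upload path to a fixed root directory before writing. Root and inputs are constructed.
import os
import posixpath
from urllib.parse import unquote

UPLOAD_ROOT = "/srv/magicinfo/uploads"  # assumed directory name for illustration


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the upload root."""


def resolve_upload_path(root: str, client_path: str) -> str:
    """Return the absolute on-disk path for a client-supplied relative path,
    raising PathTraversalError if it would resolve outside `root`.

    Handles raw `..` segments, percent-encoded and double-encoded sequences,
    backslash separators, absolute paths, and NUL bytes.
    """
    # Decode twice so a double-encoded sequence (%252e%252e) cannot survive one decode.
    decoded = unquote(unquote(client_path))
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    # Treat backslashes as separators, as Windows file APIs would, then collapse
    # "." and ".." segments lexically.
    normalized = posixpath.normpath(decoded.replace("\\", "/"))
    if normalized.startswith("/") or normalized == ".." or normalized.startswith("../"):
        raise PathTraversalError(f"path escapes root: {client_path!r}")
    # Final check against the real filesystem path (symlinks resolved) so that a
    # link inside root cannot redirect the write elsewhere.
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, normalized))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PathTraversalError(f"path escapes root: {client_path!r}")
    return target


def is_confined(root: str, client_path: str) -> bool:
    """True if `client_path` stays inside `root`, False if it would traverse out."""
    try:
        resolve_upload_path(root, client_path)
        return True
    except PathTraversalError:
        return False
```

A second layer, corresponding to the least-privilege bullet, is to run the service account without write access to anything but that root, so a check bypass still cannot reach system files.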