A critical security flaw has surfaced in Samsung MagicINFO 9 Server, the central component of Samsung's MagicINFO digital signage software. Security researchers say that even the latest version of MagicINFO 9 Server is vulnerable. The flaw lets attackers upload malicious files, run commands on the server, and thereby take control of the system.
For those unfamiliar with it, MagicINFO 9 is Samsung's centralized content management system (CMS) for digital signage: it handles user, content and display management, and lets a business remotely manage a whole network of displays from a single point. Remote hardware control and real-time monitoring are among the features that make it stand out.
Samsung has not yet fixed the MagicINFO 9 Server vulnerability
On January 12, a researcher working with SSD Disclosure notified Samsung of multiple security issues in MagicINFO 9 Server. An unauthenticated user can upload a web shell and, through it, achieve remote code execution in the context of the Apache Tomcat process that hosts the server. That makes it a major security issue, and one that is now under active exploitation.
Samsung marked the report as a duplicate and did not appear to act on it quickly. More than 90 days later, on April 30, SSD Disclosure published a blog post detailing the issue and stating that it affects Samsung's latest MagicINFO 9 release, version 21.1050.0. In other words, even the most up-to-date version is still vulnerable, and Samsung has not fixed the flaw.
Now the security firm Arctic Wolf reports that the flaw is being actively exploited in the wild. The bug is tracked as CVE-2024-7399, whose description reads: “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.” Note the mismatch: the CVE text names 21.1050 as the first fixed version, yet researchers report that 21.1050.0 is still exploitable, so checking the installed version number alone does not tell an administrator that a server is safe.
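The CVE text classifies the bug as CWE-22, improper limitation of a pathname to a restricted directory: a client-supplied file name is joined to a server-side directory without checking that the result stays inside it, so a name containing `..` segments can place a file (for example a web shell) anywhere the server process may write. The Python below is an added, generic illustration of that vulnerability class beside its hardened form. It is not MagicINFO code, it says nothing about MagicINFO's actual upload handling, and the directories, sample file names and allowed extension list are constructed for the demonstration.

```python
"""Generic CWE-22 (path traversal) check for an upload handler.

Added illustration, not Samsung MagicINFO code: the directories, file names
and extension list below are constructed for the demonstration.
"""
import posixpath
from typing import List, Optional
from urllib.parse import unquote

# Constructed directories (assumptions for the example, not real product paths).
UPLOAD_ROOT = "/opt/signage/upload"
WEBAPP_ROOT = "/opt/tomcat/webapps/ROOT"

# Constructed sample file names as a client might send them in an upload.
SAMPLES: List[str] = [
    "firmware.bin",                                            # legitimate
    "../../../opt/tomcat/webapps/ROOT/cmd.jsp",                # plain traversal
    "..%2F..%2F..%2Fopt%2Ftomcat%2Fwebapps%2FROOT%2Fcmd.jsp",  # URL-encoded
    "%252e%252e/%252e%252e/cmd.jsp",                           # double-encoded
    "..\\..\\..\\opt\\tomcat\\webapps\\ROOT\\cmd.jsp",         # Windows separators
    "update.jsp",                                              # wrong type, no traversal
    "shell.jsp%00.bin",                                        # NUL-byte extension trick
    "content/2025/video.zip",                                  # legitimate subdirectory
]


def naive_target(root: str, client_name: str) -> str:
    """The vulnerable pattern: trust the client-supplied name and join it to
    the upload directory. normpath() collapses the '..' segments, so the
    result can land anywhere on the filesystem, including a Tomcat web root.
    The backslash replacement only mimics a Windows host, where '\\' is a
    path separator too; the bug is the missing containment check."""
    return posixpath.normpath(posixpath.join(root, client_name.replace("\\", "/")))


def canonical_name(client_name: str) -> str:
    """Reduce the client name to one canonical form before any decision is
    made: undo percent-encoding (repeated, to defeat double encoding), treat
    backslashes as separators, then normalise '.' and '..' segments."""
    name = client_name
    for _ in range(3):  # bounded: three rounds covers double encoding with margin
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return posixpath.normpath(name.replace("\\", "/"))


def safe_target(root: str, client_name: str,
                allowed_ext=(".bin", ".zip")) -> Optional[str]:
    """Hardened form: canonicalise, reject NUL bytes and absolute names,
    require the resolved path to stay strictly inside root, and allow only
    an explicit list of extensions. Returns None when the upload must be
    rejected, otherwise the path the file may be written to."""
    name = canonical_name(client_name)
    if "\x00" in name or name.startswith("/") or name in ("", "."):
        return None
    target = posixpath.normpath(posixpath.join(root, name))
    if not target.startswith(root.rstrip("/") + "/"):
        return None  # escaped the restricted directory
    if not target.lower().endswith(tuple(allowed_ext)):
        return None  # a .jsp (or anything else executable) never gets written
    return target


def rejected_names(samples: List[str] = SAMPLES) -> List[str]:
    """Names the hardened handler refuses, in input order."""
    return [s for s in samples if safe_target(UPLOAD_ROOT, s) is None]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:60} naive -> {naive_target(UPLOAD_ROOT, s)}")
        print(f"{'':60} safe  -> {safe_target(UPLOAD_ROOT, s)}")
```

Run as a script, the block prints where each constructed name would be written by the naive join and what the hardened check decides. The two points worth taking away are that the containment test must be done on the fully decoded and normalised name (otherwise encoded or backslash variants slip through), and that an extension allow-list is a second, independent barrier: even a name that stays inside the upload directory should never be allowed to create a file the servlet container would execute.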
Additionally, Huntress, a threat-hunting cybersecurity platform, says the latest version, 21.1050.0, still falls to the proof-of-concept (PoC) exploit, and its team has notified Samsung of the issue. Until Samsung ships a fix, security researchers recommend that organisations running MagicINFO 9 Server keep it off the public internet rather than leaving it reachable from untrusted networks.