Cybersecurity experts warn that the recent patches for the Samsung MagicINFO CMS vulnerability have been ineffective against active exploitation, even on updated systems. Threat actors are exploiting the flaw to upload malicious JSP files and execute code remotely, posing significant security risks. (Affected: MagicINFO 9 Server versions 21.1050.0 and earlier)
Key points:
- The vulnerability, CVE-2024-7399, allows unauthenticated attackers to upload JSP files and execute arbitrary code on the server.
- Official patches released in August 2024 are currently ineffective, as exploits are active against systems even with the latest updates.
- Proof-of-concept exploit code is publicly available, working against versions 21.1050.0 and 21.1040.2 of MagicINFO 9 Server.
- Multiple vulnerabilities enable remote code execution and web shell uploads, compromising the security of servers running under Apache Tomcat.
- Samsung was notified of these issues in January 2025 but classified the report as a duplicate, delaying a comprehensive response.
- Threat actors, including Mirai botnets, are actively targeting vulnerable MagicINFO CMS systems in the wild.
- Experts recommend disconnecting affected servers from the internet until a proper patch is implemented to prevent further exploitation.
Read More: https://www.securityweek.com/improperly-patched-samsung-magicinfo-vulnerability-exploited-by-botnet/