CVE-2024-36071Untrusted Search Path in Samsung Magician

CWE-426Untrusted Search Path3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.1%
top 72.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Magician
Timeline
PublishedJun 20

Description

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages1 packages

NVDsamsung/magician8.0.0

🔴Vulnerability Details

2
CVEList
CVE-2024-36071: Samsung Magician 82024-06-20
GHSA
GHSA-679m-qrhj-wgh2: Samsung Magician 82024-06-20
CVE-2024-36071 — Untrusted Search Path in Samsung | cvebase