CVE-2024-53921

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.

CVSS v3 2.8 LOW

2.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:magician:8.1.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-03 19:15

Updated : 2025-06-03 16:34

NVD link : CVE-2024-53921

Mitre link : CVE-2024-53921

CVE.ORG link : CVE-2024-53921

JSON object : View

Products Affected

microsoft

windows

samsung

magician

CWE

CWE-276

Incorrect Default Permissions

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2024-53921", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2024-12-03T19:15:11.957", "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process."}, {"lang": "es", "value": " Se descubri\u00f3 un problema en el instalador de Samsung Magician 8.1.0 en Windows. Un atacante puede crear carpetas arbitrarias en el directorio de permisos del sistema mediante un enlace simb\u00f3lico durante el proceso de instalaci\u00f3n."}], "lastModified": "2025-06-03T16:34:18.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:magician:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE60C1AB-4A7F-4B43-90E9-D12EDD258544"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}