CVE-2024-53921

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.

CVSS v3 2.8 LOW

2.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:magician:8.1.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

03 Jun 2025, 16:34

Type	Values Removed	Values Added
References	~~() https://semiconductor.samsung.com/support/quality-support/product-security-updates/ -~~	() https://semiconductor.samsung.com/support/quality-support/product-security-updates/ - Vendor Advisory
Summary		(es) Se descubrió un problema en el instalador de Samsung Magician 8.1.0 en Windows. Un atacante puede crear carpetas arbitrarias en el directorio de permisos del sistema mediante un enlace simbólico durante el proceso de instalación.
CPE		cpe:2.3:a:samsung:magician:8.1.0:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
First Time		Microsoft Microsoft windows Samsung Samsung magician

03 Dec 2024, 20:15

Type	Values Removed	Values Added
CWE		CWE-1236 CWE-276

03 Dec 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-03 19:15

Updated : 2025-06-03 16:34

NVD link : CVE-2024-53921

Mitre link : CVE-2024-53921

CVE.ORG link : CVE-2024-53921

JSON object : View

Products Affected

samsung

magician

microsoft

windows

CWE

CWE-276

Incorrect Default Permissions

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2024-53921", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2024-12-03T19:15:11.957", "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process."}, {"lang": "es", "value": " Se descubri\u00f3 un problema en el instalador de Samsung Magician 8.1.0 en Windows. Un atacante puede crear carpetas arbitrarias en el directorio de permisos del sistema mediante un enlace simb\u00f3lico durante el proceso de instalaci\u00f3n."}], "lastModified": "2025-06-03T16:34:18.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:magician:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE60C1AB-4A7F-4B43-90E9-D12EDD258544"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}