CVE-2024-36071

EUVD-2024-35870
Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
mitreCNA
6.3 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
samsungmagician
8.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/