<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:48959297;
mso-list-type:hybrid;
mso-list-template-ids:2010417068 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:205921872;
mso-list-template-ids:1258815670;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:459494415;
mso-list-template-ids:840055478;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:656106090;
mso-list-template-ids:-1454846836;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4
{mso-list-id:1496217853;
mso-list-type:hybrid;
mso-list-template-ids:1152963076 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5
{mso-list-id:1834253922;
mso-list-template-ids:-1566542902;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6
{mso-list-id:1964579690;
mso-list-type:hybrid;
mso-list-template-ids:-767921578 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l6:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><a name="_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Good afternoon,</span></a><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-ligatures:none"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The SOC Services team is reporting on the vulnerability:</span></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-ligatures:none">
<b>CVE-2025-4632: Samsung MagicINFO 9 Server Path Traversal Vulnerability</b>. Due to its high visibility, we are providing this in-depth information:<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">History</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
On April 30,2025, it was publicly disclosed that a server path traversal vulnerability was found in MagicINFO9 software, a content management system used for digital signage displays. This vulnerability was assigned a CVE on May 13, 2025 and subsequently assigned
a CVSSv3 score of 9.8 (Critical) by Samsung TV and Appliance. NIST has yet to provide a CVSSv3 score as of May 13, 2025.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Affected products, version:<o:p></o:p></span></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l6 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Samsung MagicINFO 9 Server version before 21.1052<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Updated version:<o:p></o:p></span></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo6"><span style="mso-bookmark:_Hlk122600425">Samsung MagicINFO 9 Server version 21.1052<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">For more information directly from Samsung please see the link here:
</span></span><a href="https://security.samsungtv.com/securityUpdates#SVP-MAY-2025"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">https://security.samsungtv.com/securityUpdates#SVP-MAY-2025</span></span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Additional write-up can be found below:<o:p></o:p></span></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo6"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.huntress.com/blog/post-exploitation-activities-observed-from-samsung-magicinfo-9-server-flaw"><span style="mso-bookmark:_Hlk122600425">https://www.huntress.com/blog/post-exploitation-activities-observed-from-samsung-magicinfo-9-server-flaw</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo6"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://arcticwolf.com/resources/blog/follow-up-samsung-patches-zero-day-vulnerability-magicinfo-9-server-cve-2025-4632/"><span style="mso-bookmark:_Hlk122600425">https://arcticwolf.com/resources/blog/follow-up-samsung-patches-zero-day-vulnerability-magicinfo-9-server-cve-2025-4632/</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo6"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/"><span style="mso-bookmark:_Hlk122600425">https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo6"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://cybersrcc.com/2025/05/16/samsung-patches-cve-2025-4632-used-to-deploy-mirai-botnet-via-magicinfo-9-exploit/"><span style="mso-bookmark:_Hlk122600425">https://cybersrcc.com/2025/05/16/samsung-patches-cve-2025-4632-used-to-deploy-mirai-botnet-via-magicinfo-9-exploit/</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li></ul>
<p class="MsoListParagraph"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Intelligence</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
As of May 22, 2025, CISA has confirmed the vulnerability as being exploited in the wild and has added the vulnerability to the Known Exploited Vulnerabilities Catalog. It's worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal
flaw in the same product that was remediated by Samsung in August 2024. CVE-2025-4632 has since been exploited in the wild shortly after the release of a proof-of-concept (PoC) and reported on by SSD Disclosure on April 30, 2025. Exploitation of CVE-2025-4632
has been linked to the deployment of the Mirai botnet, a notorious malware used for distributed denial-of-service (DDoS) attacks.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Workarounds:</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> There
are no workarounds at this time.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">How it works</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
A server path traversal vulnerability in the MagicINFO9 software stems from the application's allowance of crafting specially designed HTTP requests, attackers can write files like JSP scripts, which the server executes with system-level privileges, enabling
RCE.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Post-Exploit</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:
Upon successful exploitation of the vulnerability, Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as system authority.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">IOC:</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Below are Indicators of Compromise<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="900" style="width:674.7pt;border-collapse:collapse">
<tbody>
<tr>
<td style="border:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"></span><a href="http://185.225.226[.]53/php_cli.exe"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">http://185.225.226[.]53/php_cli.exe</span></span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border:solid windowtext 1.0pt;border-left:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">2025-05-04<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border:solid windowtext 1.0pt;border-left:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">URL of executable used by attacker<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"></span><a href="http://185.225.226[.]53/srvany.exe"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">http://185.225.226[.]53/srvany.exe</span></span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">2025-05-04<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">URL of executable used by attacker<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">C:\MagicInfo Premium\tomcat\bin\php-cli.exe
</span></span><span style="mso-bookmark:_Hlk122600425"><b><span style="font-size:11.0pt;font-family:"Courier New";color:#FF9900;mso-ligatures:none"><br>
<br>
</span></b></span><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">c9c464c872b539eee7481e15331b7a6c75f4ba1f24b64d9f36a70b87a164d122<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">2025-05-04<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://learn.microsoft.com/en-us/troubleshoot/windows-client/setup-upgrade-and-drivers/create-user-defined-service" target="_blank"><span style="mso-bookmark:_Hlk122600425"><span style="color:blue;mso-ligatures:none">srvany.exe</span></span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">
(A utility to launch any executable as a service)<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">C:\MagicInfo Premium\tomcat\bin\php-fpm.exe
</span></span><span style="mso-bookmark:_Hlk122600425"><b><span style="font-size:11.0pt;font-family:"Courier New";color:#FF9900;mso-ligatures:none"><br>
<br>
</span></b></span><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">2025-05-04<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://winbindex.m417z.com/?file=services.exe" target="_blank"><span style="mso-bookmark:_Hlk122600425"><span style="color:blue;mso-ligatures:none">services.exe</span></span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">
(a core Microsoft Windows process, part of the Service Control Manager (SCM))<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Malicious Files<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<span style="mso-bookmark:_Hlk122600425"></span>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p> </o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">srvany.exe (renamed to php-cli.exe)<o:p></o:p></span></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">php_cli.exe (renamed to php-fpm.exe)<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Unauthorized Services<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<span style="mso-bookmark:_Hlk122600425"></span>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p> </o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Service name: PHP5.3.8<o:p></o:p></span></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Parameters: -device-name=magicw, attacker-controlled email addresses<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Suspicious Commands<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<span style="mso-bookmark:_Hlk122600425"></span>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p> </o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Reconnaissance: whoami, arp -a<o:p></o:p></span></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Payload execution: Commands to download and execute malicious binaries<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">System Event Logs<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<span style="mso-bookmark:_Hlk122600425"></span>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p> </o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Event ID 7045: Indicates service creation (e.g., PHP5.3.8)<o:p></o:p></span></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Event ID 7000: Indicates service start failure<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Network Traffic<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="64" style="width:48.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<span style="mso-bookmark:_Hlk122600425"></span>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p> </o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="294" style="width:220.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Connections to suspicious IPs or domains associated with Mirai C2 servers<o:p></o:p></span></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Increased outbound traffic indicative of DDoS activity<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal" style="text-align:justify"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">As of May 22, 2025, Tenable has not released any plugins for the vulnerability and has no plugins in the
pipeline.<o:p></o:p></span></span></p>
<p class="MsoNormal" style="text-align:justify"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Recommended Actions</span></u></b></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l4 level1 lfo10"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Verify host has not been compromised before applying patches.<o:p></o:p></span></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l4 level1 lfo10"><span style="mso-bookmark:_Hlk122600425">Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l4 level1 lfo10"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Run all software as a non-privileged user (one without administrative privileges) to diminish the
effects of a successful attack.<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-list:l4 level1 lfo10"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<span style="mso-bookmark:_Hlk122600425"></span>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:63.0pt">
<td width="118" valign="top" style="width:88.35pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-ligatures:none"><img border="0" width="121" height="87" style="width:1.2583in;height:.9083in" id="Picture_x0020_4" src="cid:image001.png@01DBCB24.5DBE37D0"></span><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-ligatures:none"><o:p></o:p></span></p>
</td>
<td width="493" valign="top" style="width:369.65pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><b><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;mso-ligatures:none">Cyber Security Services<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;mso-ligatures:none">State of Oregon Cyber Security Services<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;mso-ligatures:none">Enterprise Information Services | SOC<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;mso-ligatures:none">Cyber Security Services (CSS)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;mso-ligatures:none">SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378<span style="color:#1F497D"><o:p></o:p></span></span></p>
</td>
</tr>
<tr>
<td width="611" colspan="2" valign="top" style="width:458.05pt;padding:0in 4.65pt 0in 4.65pt">
<p class="MsoNormal" style="line-height:105%"><i><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#2E74B5;mso-ligatures:none">“Ensuring user-friendly, reliable and secure state technology systems that equitably serve Oregonians.”<o:p></o:p></span></i></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>