CVE-2024-9494 HIGH

CVE-2024-9494: Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer

Vendor Silabs.com
Product CP210 VCP Win 2k
Weakness CWE-427
Published January 24, 2025
Last update January 27, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Key dates

02Disclosure timeline

January 24, 2025 CVE published
January 27, 2025 Record updated