CVE-2024-9496 HIGH

CVE-2024-9496: Uncontrolled search path can lead to DLL hijacking in USBXpress Dev Kit installer

Vendor Silabs.com
Product USBXpress Dev Kit
Weakness CWE-427
Published January 24, 2025
Last update February 18, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Key dates

02 Disclosure timeline

January 24, 2025 CVE published
February 18, 2025 Record updated