Search criteria
2 vulnerabilities found for CP210x VCP Windows by silabs.com
CVE-2024-9495 (GCVE-0-2024-9495)
Vulnerability from cvelistv5 – Published: 2025-01-24 14:37 – Updated: 2025-01-27 18:11
VLAI?
Title
Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer
Summary
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Severity ?
8.6 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | CP210x VCP Windows |
Affected:
0 , ≤ 6.7
(semver)
|
Credits
Thanks to Sahil Shah, Shaurya, and Vidhi Patel for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T14:54:31.496152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T14:54:45.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "CP210x VCP Windows",
"platforms": [
"Windows"
],
"product": "CP210x VCP Windows",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Thanks to Sahil Shah, Shaurya, and Vidhi Patel for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCP210x VCP Windows \u003c/span\u003e\n\n\u003c/span\u003e\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.\u0026nbsp;"
}
],
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0CP210x VCP Windows \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
},
{
"capecId": "CAPEC-30",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:11:41.774Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000JUQwd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-9495",
"datePublished": "2025-01-24T14:37:44.424Z",
"dateReserved": "2024-10-03T18:32:56.303Z",
"dateUpdated": "2025-01-27T18:11:41.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9495 (GCVE-0-2024-9495)
Vulnerability from nvd – Published: 2025-01-24 14:37 – Updated: 2025-01-27 18:11
VLAI?
Title
Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer
Summary
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Severity ?
8.6 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | CP210x VCP Windows |
Affected:
0 , ≤ 6.7
(semver)
|
Credits
Thanks to Sahil Shah, Shaurya, and Vidhi Patel for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T14:54:31.496152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T14:54:45.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "CP210x VCP Windows",
"platforms": [
"Windows"
],
"product": "CP210x VCP Windows",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Thanks to Sahil Shah, Shaurya, and Vidhi Patel for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCP210x VCP Windows \u003c/span\u003e\n\n\u003c/span\u003e\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.\u0026nbsp;"
}
],
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0CP210x VCP Windows \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
},
{
"capecId": "CAPEC-30",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:11:41.774Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000JUQwd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-9495",
"datePublished": "2025-01-24T14:37:44.424Z",
"dateReserved": "2024-10-03T18:32:56.303Z",
"dateUpdated": "2025-01-27T18:11:41.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}