Search criteria
2 vulnerabilities found for USBXpress Win 98SE Dev Kit by silabs.com
CVE-2024-9499 (GCVE-0-2024-9499)
Vulnerability from cvelistv5 – Published: 2025-01-24 14:39 – Updated: 2025-02-18 20:15
VLAI?
Summary
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Severity ?
8.6 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | USBXpress Win 98SE Dev Kit |
Affected:
0 , ≤ 2.42
(semver)
|
Credits
Thanks to Sahil Shah and Shaurya for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T14:45:54.505172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:15:25.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "USBXpress Win 98SE Dev Kit",
"platforms": [
"Windows"
],
"product": "USBXpress Win 98SE Dev Kit",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2.42",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Thanks to Sahil Shah and Shaurya for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u0026nbsp;USBXpress Win 98SE Dev Kit\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003einstaller can lead to privilege escalation and arbitrary code execution when running the impacted installer.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0USBXpress Win 98SE Dev Kit\u00a0installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
},
{
"capecId": "CAPEC-30",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:15:01.401Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000JUQwd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-9499",
"datePublished": "2025-01-24T14:39:51.065Z",
"dateReserved": "2024-10-03T18:33:01.176Z",
"dateUpdated": "2025-02-18T20:15:25.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9499 (GCVE-0-2024-9499)
Vulnerability from nvd – Published: 2025-01-24 14:39 – Updated: 2025-02-18 20:15
VLAI?
Summary
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Severity ?
8.6 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | USBXpress Win 98SE Dev Kit |
Affected:
0 , ≤ 2.42
(semver)
|
Credits
Thanks to Sahil Shah and Shaurya for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T14:45:54.505172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:15:25.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "USBXpress Win 98SE Dev Kit",
"platforms": [
"Windows"
],
"product": "USBXpress Win 98SE Dev Kit",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2.42",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Thanks to Sahil Shah and Shaurya for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u0026nbsp;USBXpress Win 98SE Dev Kit\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003einstaller can lead to privilege escalation and arbitrary code execution when running the impacted installer.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0USBXpress Win 98SE Dev Kit\u00a0installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
},
{
"capecId": "CAPEC-30",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:15:01.401Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000JUQwd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-9499",
"datePublished": "2025-01-24T14:39:51.065Z",
"dateReserved": "2024-10-03T18:33:01.176Z",
"dateUpdated": "2025-02-18T20:15:25.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}