CVE-2024-9499

DLL hijacking vulnerabilities, caused by an uncontrolled search path in theUSBXpress Win 98SE Dev Kitinstaller can lead to privilege escalation and arbitrary code execution when running the impacted installer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
SilabsCNA
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Common Weakness Enumeration
References
https://community.silabs.com/068Vm00000JUQwd