CVE-2024-9494: Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer
First published: Fri Jan 24 2025(Updated: )
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Credit: product-security@silabs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9494?
CVE-2024-9494 is classified as a high severity vulnerability due to the potential for privilege escalation and arbitrary code execution.
How do I fix CVE-2024-9494?
To fix CVE-2024-9494, ensure you update to the latest version of the Silicon Labs CP210 VCP Win 2k installer that addresses this vulnerability.
What are the potential impacts of CVE-2024-9494?
The potential impacts of CVE-2024-9494 include unauthorized access to system privileges and execution of malicious code.
Who is affected by CVE-2024-9494?
Users of the Silicon Labs CP210 VCP Win 2k installer are affected by CVE-2024-9494 if they have not implemented mitigation against DLL hijacking.
How can I verify if my system is at risk from CVE-2024-9494?
You can verify if your system is at risk from CVE-2024-9494 by checking the version of the Silicon Labs CP210 VCP Win 2k installer currently installed.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event