CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-9499: Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer

8.6 CVSS

Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Classification

CVE ID: CVE-2024-9499

CVSS Base Severity: HIGH

CVSS Base Score: 8.6

Affected Products

Vendor: silabs.com

Product: USBXpress Win 98SE Dev Kit

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://community.silabs.com/068Vm00000JUQwd

Timeline