CVE-2024-9490
Published: 24 January 2025
Summary
CVE-2024-9490 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2024-9490 is a DLL hijacking vulnerability stemming from an uncontrolled search path in the Silicon Labs (8-bit) IDE installer. This flaw, classified under CWE-427, enables privilege escalation and arbitrary code execution when the affected installer is executed. It received a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), highlighting its high severity due to local attack vector, low complexity, no required privileges, and user interaction via running the installer, with a scope change amplifying impacts on confidentiality, integrity, and availability.
A local attacker can exploit this vulnerability by placing a malicious DLL in a directory included in the installer's search path, which the application checks before secure locations. No special privileges are needed beforehand, but the target user must initiate the installer execution, making social engineering or user error a common trigger. Successful exploitation allows the attacker to elevate privileges and run arbitrary code in the context of the installer process, potentially compromising the system.
For mitigation details, refer to the Silicon Labs community advisory at https://community.silabs.com/068Vm00000JUQwd.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50416
Vulnerability details
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct DLL side-loading via uncontrolled search path (CWE-427) enables arbitrary code execution and privilege escalation on installer launch.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of the DLL hijacking flaw in the Silicon Labs IDE installer, eliminating the vulnerability through vendor patches or workarounds.
Establishes organizational policies to prohibit or approve user installation of vulnerable software like the Silicon Labs IDE installer, preventing execution without vetting.
Deploys malicious code protection mechanisms to scan directories in the installer's search path and block or detect the attacker's malicious DLL before loading.