CVE-2024-9494

High

Published: 24 January 2025

Published

24 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0008 22.5th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9494 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038); ranked at the 22.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the DLL hijacking vulnerability by identifying, reporting, and applying vendor patches or updates to the CP210 VCP Win 2k installer as per Silicon Labs advisory.

CM-11 User-installed Software good match

prevent

Prevents exploitation by enforcing organizational policies that restrict users from installing or executing untrusted installers like the vulnerable CP210 VCP Win 2k package.

SI-3 Malicious Code Protection partial match

preventdetect

Provides defense-in-depth by scanning for and blocking malicious DLLs that could be loaded via the installer's uncontrolled search path during execution.

MITRE ATT&CK Enterprise TechniquesAI

T1038 DLL Search Order Hijacking Persistence

Windows systems use a common method to look for required DLLs to load into a program.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE directly describes DLL hijacking via uncontrolled search path (T1038) enabling local privilege escalation and code execution (T1068) when installer runs.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysisAI

CVE-2024-9494 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the CP210 VCP Win 2k installer, a component provided by Silicon Labs for USB-to-serial driver installation on Windows 2000 systems. The issue allows malicious DLLs to be loaded and executed during installer execution, with a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker can exploit this vulnerability by placing a malicious DLL in a directory that the installer searches before secure paths, tricking a user into running the affected installer. No privileges are required beforehand, but user interaction is needed to launch the installer. Successful exploitation leads to privilege escalation and arbitrary code execution with the installer's elevated permissions.

Silicon Labs has published details on this vulnerability in their community advisory at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for recommended mitigations and patches.