CVE-2024-9496
Published: 24 January 2025
Summary
CVE-2024-9496 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in a Silabs (Silicon Labs) product, with the vendor inferred from the references. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001). It ranks at the 15.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and CM-14 (Signed Components).
Deeper analysis
CVE-2024-9496 is a DLL hijacking vulnerability (CWE-427: Uncontrolled Search Path Element) affecting the USBXpress Dev Kit installer. The issue arises from an uncontrolled search path during installation, which can enable privilege escalation and arbitrary code execution when the impacted installer is executed. It carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-01-24.
A local attacker requires no privileges (PR:N) but needs low-complexity conditions (AC:L) and user interaction (UI:R), such as convincing a user to run the installer. Successful exploitation allows arbitrary code execution with a scope change (S:C), resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are available in the Silicon Labs community advisory at https://community.silabs.com/068Vm00000JUQwd.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50353
Vulnerability details
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- CWE(s): CWE-427 (Uncontrolled Search Path Element)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1574.001 (Hijack Execution Flow: DLL)
Why these techniques?
The CVE directly describes DLL hijacking (an uncontrolled search path) that enables arbitrary code execution and privilege escalation when the installer is run.
Affected Assets
- USBXpress Dev Kit installer (Silicon Labs)
Mitigating Controls (NIST 800-53 r5)
- Timely remediation: directly requires timely remediation of the DLL hijacking flaw in the USBXpress Dev Kit installer to prevent exploitation.
- CM-11 (User-installed Software): restricts, approves, scans, and monitors user-installed software such as the vulnerable USBXpress installer, to block or identify malicious installations.
- CM-14 (Signed Components): mandates cryptographic verification of signatures for software components, preventing execution of unsigned malicious DLLs loaded via uncontrolled search paths.