Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for CP210 VCP Win 2k by silabs.com

    CVE-2024-9494 (GCVE-0-2024-9494)

    Vulnerability from nvd – Published: 2025-01-24 14:37 – Updated: 2025-01-27 18:10
    VLAI
    Title
    Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer
    Summary
    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    URL Tags
    https://community.silabs.com/068Vm00000JUQwd vendor-advisorypermissions-required
    Impacted products
    Vendor Product Version
    silabs.com CP210 VCP Win 2k Affected: 0 , ≤ 6.3 (semver)
    Create a notification for this product.
    Credits
    Thanks to Sahil Shah, Shaurya, and Ramya Shah for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9494",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T14:54:24.260103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T14:54:36.316Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "CP210 VCP Win 2k",
              "platforms": [
                "Windows"
              ],
              "product": "CP210 VCP Win 2k",
              "vendor": "silabs.com",
              "versions": [
                {
                  "lessThanOrEqual": "6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Thanks to Sahil Shah, Shaurya, and Ramya Shah for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCP210 VCP Win 2k\u003c/span\u003e\n\n\u003c/span\u003e\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.\u0026nbsp;"
                }
              ],
              "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0\n\n\n\nCP210 VCP Win 2k\n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            },
            {
              "capecId": "CAPEC-30",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-27T18:10:40.147Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "permissions-required"
              ],
              "url": "https://community.silabs.com/068Vm00000JUQwd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2024-9494",
        "datePublished": "2025-01-24T14:37:15.436Z",
        "dateReserved": "2024-10-03T18:32:55.077Z",
        "dateUpdated": "2025-01-27T18:10:40.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9494 (GCVE-0-2024-9494)

    Vulnerability from cvelistv5 – Published: 2025-01-24 14:37 – Updated: 2025-01-27 18:10
    VLAI
    Title
    Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer
    Summary
    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    URL Tags
    https://community.silabs.com/068Vm00000JUQwd vendor-advisorypermissions-required
    Impacted products
    Vendor Product Version
    silabs.com CP210 VCP Win 2k Affected: 0 , ≤ 6.3 (semver)
    Create a notification for this product.
    Credits
    Thanks to Sahil Shah, Shaurya, and Ramya Shah for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9494",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T14:54:24.260103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T14:54:36.316Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "CP210 VCP Win 2k",
              "platforms": [
                "Windows"
              ],
              "product": "CP210 VCP Win 2k",
              "vendor": "silabs.com",
              "versions": [
                {
                  "lessThanOrEqual": "6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Thanks to Sahil Shah, Shaurya, and Ramya Shah for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCP210 VCP Win 2k\u003c/span\u003e\n\n\u003c/span\u003e\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.\u0026nbsp;"
                }
              ],
              "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0\n\n\n\nCP210 VCP Win 2k\n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            },
            {
              "capecId": "CAPEC-30",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-27T18:10:40.147Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "permissions-required"
              ],
              "url": "https://community.silabs.com/068Vm00000JUQwd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Uncontrolled search path can lead to DLL hijacking in CP210 VCP Win 2k installer",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2024-9494",
        "datePublished": "2025-01-24T14:37:15.436Z",
        "dateReserved": "2024-10-03T18:32:55.077Z",
        "dateUpdated": "2025-01-27T18:10:40.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }