CVE-2024-10930

HIGH

Carrier Block Load < 4.16 - Uncontrolled Search Path

Title source: rule

Description

An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

Exploits (1)

nomisec WRITEUP

by sahil3276 · poc

https://github.com/sahil3276/CVE-2024-10930

View Code ZIP pw:eip

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01

[Vendor Advisory] https://www.corporate.carrier.com/product-security/advisories-resources/

Scores

CVSS v3 7.8

EPSS 0.0051

EPSS Percentile 66.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

carrier/block_load < 4.16

carrier/block_load

Timeline

Published Mar 04, 2025

Tracked Since Feb 18, 2026