CVE-2024-10930

HIGH

Carrier Block Load < 4.16 - Uncontrolled Search Path

Title source: rule

Description

An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

Exploits (1)

nomisec WRITEUP

by sahil3276 · poc

https://github.com/sahil3276/CVE-2024-10930

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://www.corporate.carrier.com/product-security/advisories-resources/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01

Scores

CVSS v3 7.8

EPSS 0.0149

EPSS Percentile 81.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (2)

carrier/block_load 4.00

carrier/block_load 4.10 - 4.16

Published Mar 04, 2025

Tracked Since Feb 18, 2026