CVE-2024-9498
HIGHUSBXpress SDK - Privilege Escalation
Title source: llmDescription
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Scores
CVSS v3
8.6
EPSS
0.0001
EPSS Percentile
2.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Classification
CWE
CWE-427
Status
draft
Timeline
Published
Jan 24, 2025
Tracked Since
Feb 18, 2026