CVE-2024-57963
Published: 18 February 2025
Description
Insecure Loading of Dynamic Link Libraries has been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:.
Security Summary
CVE-2024-57963 is an insecure loading of dynamic link libraries vulnerability (CWE-427) in the USB-CONVERTERCABLE DRIVER that could allow local attackers to disclose sensitive information or execute arbitrary code on impacted systems. The vulnerability received a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A local attacker with low privileges can exploit this vulnerability by leveraging the insecure DLL loading mechanism, though it requires user interaction to trigger. Successful exploitation could enable the attacker to disclose information from the system or execute arbitrary code with the privileges of the affected driver process, potentially leading to full system compromise if chained with other flaws.
For mitigation details, refer to the Hitachi security advisory at https://www.hitachi.com/hirt/hitachi-sec/2025/001.html, published alongside the CVE disclosure on 2025-02-18.
Details
- CWE(s)