CVE-2024-10930

An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01	Third Party Advisory US Government Resource
https://www.corporate.carrier.com/product-security/advisories-resources/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:carrier:block_load::::::::
	cpe:2.3:a:carrier:block_load:4.00:::::::*

History

05 Feb 2026, 18:42

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en el elemento de ruta de búsqueda no controlada que podría permitir que un actor malintencionado realice un secuestro de DLL y ejecute código arbitrario con privilegios aumentados.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01 - Third Party Advisory, US Government Resource
References	~~() https://www.corporate.carrier.com/product-security/advisories-resources/ -~~	() https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory
CPE		cpe:2.3:a:carrier:block_load:4.00:::::::* cpe:2.3:a:carrier:block_load::::::::
First Time		Carrier block Load Carrier

04 Mar 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-04 18:15

Updated : 2026-02-05 18:42

NVD link : CVE-2024-10930

Mitre link : CVE-2024-10930

CVE.ORG link : CVE-2024-10930

JSON object : View

Products Affected

carrier

block_load

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2024-10930", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "productsecurity@carrier.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-04T18:15:23.610", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productsecurity@carrier.com"}, {"url": "https://www.corporate.carrier.com/product-security/advisories-resources/", "tags": ["Vendor Advisory"], "source": "productsecurity@carrier.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "productsecurity@carrier.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges."}, {"lang": "es", "value": "Existe una vulnerabilidad en el elemento de ruta de b\u00fasqueda no controlada que podr\u00eda permitir que un actor malintencionado realice un secuestro de DLL y ejecute c\u00f3digo arbitrario con privilegios aumentados."}], "lastModified": "2026-02-05T18:42:39.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:carrier:block_load:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0E3074-A3ED-46A3-97B1-FAB873EF506F", "versionEndIncluding": "4.16", "versionStartIncluding": "4.10"}, {"criteria": "cpe:2.3:a:carrier:block_load:4.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C1A4047-8B12-4A05-AD2A-B6BD3B80DC32"}], "operator": "OR"}]}], "sourceIdentifier": "productsecurity@carrier.com"}