DSA-2024-055: Security Update for Dell Peripheral Manager Uncontrolled Search Path Element Vulnerabilities
Summary: Dell Peripheral Manager remediation is available for multiple Uncontrolled Search Path Element vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVEs |
Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22447 | Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2024-22451 | Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs |
Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22447 | Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2024-22451 | Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVE ID | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2024-22447 | Dell Peripheral Manager | Software | Versions prior to 1.7.3 | Versions 1.7.3 or later |
03/27/2024 | Support for Dell Peripheral Manager | Drivers & Downloads |
| CVE-2024-22451 | Dell Peripheral Manager | Software | Versions 1.5.1 to 1.7.2 | Versions 1.7.3 or later |
03/27/2024 | Support for Dell Peripheral Manager | Drivers & Downloads |
| CVE ID | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2024-22447 | Dell Peripheral Manager | Software | Versions prior to 1.7.3 | Versions 1.7.3 or later |
03/27/2024 | Support for Dell Peripheral Manager | Drivers & Downloads |
| CVE-2024-22451 | Dell Peripheral Manager | Software | Versions 1.5.1 to 1.7.2 | Versions 1.7.3 or later |
03/27/2024 | Support for Dell Peripheral Manager | Drivers & Downloads |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-04-02 | Initial Release |
| 2.0 | 2024-08-09 | Updated hyperlinks to links that are not location specific |
Acknowledgements
CVE-2024-22447, CVE-2024-22451: Dell Technologies would like to thank Yue Liu From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
Related Information
Legal Disclaimer
Article Properties
Article Number: 000221413
Article Type: Dell Security Advisory
Last Modified: 09 Aug 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.