DSA-2024-242: Security Update for Dell Peripheral Manager for Multiple Uncontrolled Search Path Element Vulnerabilities
Summary: Dell Peripheral Manager remediation is available for multiple uncontrolled search path element vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs |
Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-37127 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-37142 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2024-32857 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs |
Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-37127 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-37142 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2024-32857 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2024-37127, CVE-2024-37142, CVE-2024-32857 | Dell Peripheral Manager | Software | Versions prior to 1.7.6 | Versions 1.7.6 or later | 07/30/2024 | Support for Dell Peripheral Manager | Drivers & Downloads | Dell US |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2024-37127, CVE-2024-37142, CVE-2024-32857 | Dell Peripheral Manager | Software | Versions prior to 1.7.6 | Versions 1.7.6 or later | 07/30/2024 | Support for Dell Peripheral Manager | Drivers & Downloads | Dell US |
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2024-07-30 | Initial Release |
Acknowledgements
CVE-2024-37127, CVE-2024-37142, CVE-2024-32857: Dell Technologies would like to thank Ouallaout Noureddine for reporting these issues
Related Information
Legal Disclaimer
Article Properties
Article Number: 000225474
Article Type: Dell Security Advisory
Last Modified: 30 Jul 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.