Article Number: 000225474
DSA-2024-242: Security Update for Dell Peripheral Manager for Multiple Uncontrolled Search Path Element Vulnerabilities
Summary: Dell Peripheral Manager remediation is available for multiple uncontrolled search path element vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Article Content
Impact
High
Details
| Proprietary Code CVEs |
Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-37127 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-37142 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2024-32857 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs |
Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-37127 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-37142 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2024-32857 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2024-37127, CVE-2024-37142, CVE-2024-32857 | Dell Peripheral Manager | Software | Versions prior to 1.7.6 | Versions 1.7.6 or later | 07/30/2024 | Support for Dell Peripheral Manager | Drivers & Downloads | Dell US |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2024-37127, CVE-2024-37142, CVE-2024-32857 | Dell Peripheral Manager | Software | Versions prior to 1.7.6 | Versions 1.7.6 or later | 07/30/2024 | Support for Dell Peripheral Manager | Drivers & Downloads | Dell US |
Workarounds and Mitigations
None
Acknowledgements
CVE-2024-37127, CVE-2024-37142, CVE-2024-32857: Dell Technologies would like to thank Ouallaout Noureddine for reporting these issues
Revision History
| Revision | Date | Description |
| 1.0 | 2024-07-30 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Dell Peripheral Manager
Last Published Date
30 Jul 2024
Article Type
Dell Security Advisory