Description
Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution.
Published: 2026-06-16
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Peripheral Manager versions older than 1.7.3 contain an uncontrolled search path element flaw. An attacker can place a malicious DLL in a directory that the application searches, and when the program loads that DLL, the code executes with the privileges of the Peripheral Manager service. The outcome is arbitrary code execution on the affected system. The weakness corresponds to CWE‑427, which involves improper validation of executable paths.

Affected Systems

The vulnerability applies to Dell Peripheral Manager installations prior to version 1.7.3. Systems running any earlier version of the Dell Peripheral Manager are at risk.

Risk and Exploitability

The CVSS score of 6.7 indicates a moderate severity vulnerability that can compromise confidentiality, integrity, and availability. The EPSS score of less than 1% shows a very low probability of exploitation at the time of analysis, and the flaw is not listed in the CISA KEV catalog. Due to the nature of the flaw, the likely attack vector is a local or privileged attacker who can preload a DLL in a path that the Peripheral Manager scans. The vulnerability is exploitable without additional credentials once the malicious DLL is in place.

Generated by OpenCVE AI on June 17, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s security update to version 1.7.3 or later for Dell Peripheral Manager
  • Verify that no unauthorized DLLs are present in directories scanned by the Peripheral Manager and remove them
  • Configure the Peripheral Manager service to run with the least privilege required and restrict its ability to load DLLs from untrusted locations

Generated by OpenCVE AI on June 17, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Uncontrolled DLL Loading in Dell Peripheral Manager Prior to 1.7.3

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell peripheral Manager
Vendors & Products Dell
Dell peripheral Manager

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution.
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Dell Peripheral Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-17T03:55:54.401Z

Reserved: 2024-01-10T15:26:10.250Z

Link: CVE-2024-22447

cve-icon Vulnrichment

Updated: 2026-06-16T14:58:49.036Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-16T15:16:31.633

Modified: 2026-06-16T15:42:57.150

Link: CVE-2024-22447

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T19:30:11Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element