Impact
Dell Peripheral Manager versions older than 1.7.3 contain an uncontrolled search path element flaw. An attacker can place a malicious DLL in a directory that the application searches, and when the program loads that DLL, the code executes with the privileges of the Peripheral Manager service. The outcome is arbitrary code execution on the affected system. The weakness corresponds to CWE‑427, which involves improper validation of executable paths.
Affected Systems
The vulnerability applies to Dell Peripheral Manager installations prior to version 1.7.3. Systems running any earlier version of the Dell Peripheral Manager are at risk.
Risk and Exploitability
The CVSS score of 6.7 indicates a moderate severity vulnerability that can compromise confidentiality, integrity, and availability. The EPSS score of less than 1% shows a very low probability of exploitation at the time of analysis, and the flaw is not listed in the CISA KEV catalog. Due to the nature of the flaw, the likely attack vector is a local or privileged attacker who can preload a DLL in a path that the Peripheral Manager scans. The vulnerability is exploitable without additional credentials once the malicious DLL is in place.
OpenCVE Enrichment