Impact
Dell Peripheral Manager versions 1.5.1 through 1.7.2 contain an uncontrolled search path element vulnerability (CWE-427). The flaw allows an attacker to preload a malicious executable into the search path, which then runs under the user’s privileges, enabling arbitrary code execution on the host. The vulnerability does not require authentication and derives its impact from improper validation of the executable search path.
Affected Systems
Dell computers that ship with Dell Peripheral Manager versions 1.5.1 to 1.7.2 are affected; no specific hardware families are identified in the advisory.
Risk and Exploitability
The CVSS score of 6.7 marks the issue as moderate severity, while the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not listed in CISA KEV. Attackers would typically exploit the flaw by preloading a malicious executable either during local use or by leveraging removable media. Once the executable is placed in the search path, it can be executed without user interaction, giving the attacker full control over the system. Although current exploitation rates are low, the high impact of remote code execution warrants prompt remediation.
OpenCVE Enrichment