Description
Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.
Published: 2026-03-04
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

Dell Device Management Agent (DDMA) stores user passwords in clear text on the file system, a weakness that falls under the category of plain text password storage (CWE‑256). If an attacker gains local access with high privilege, they can read these credentials and use them to log in to the agent or related services, effectively obtaining unauthorized access to the device. The vulnerability does not expose a direct remote code execution path, but it compromises confidentiality and the integrity of authentication credentials.

Affected Systems

The flaw affects Dell Device Management Agent versions earlier than 26.02. Any system running those builds is vulnerable; newer builds contain the fix.

Risk and Exploitability

The CVSS score of 4.4 indicates a low severity, and the EPSS score of less than 1 percent shows that the likelihood of exploitation is very small. The vulnerability is not listed in the CISA KEV catalog. However, because exploitation requires local high‑privileged access, the risk is elevated within compromised or physically accessible environments. Attackers would need to compromise local credentials or gain local administrative privileges to read the plaintext file and obtain credentials for the agent. Once obtained, they could gain full control over the device management agent's functionality.

Generated by OpenCVE AI on April 16, 2026 at 13:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Device Management Agent to version 26.02 or later, which removes plaintext password storage.
  • Re‑configure any remaining DDMA installations to force password hashing or encryption, removing existing clear‑text credential files.
  • Restrict local privileged accounts and enforce least‑privilege policies to limit the ability of users to read configuration files containing sensitive data.

Generated by OpenCVE AI on April 16, 2026 at 13:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title Plaintext Password Storage in Dell Device Management Agent Enables Local Unauthorized Access

Thu, 05 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell device Management Agent
CPEs cpe:2.3:a:dell:device_management_agent:*:*:*:*:*:*:*:*
Vendors & Products Dell device Management Agent

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell device Management Agent (ddma)
Vendors & Products Dell
Dell device Management Agent (ddma)

Wed, 04 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.
Weaknesses CWE-256
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Dell Device Management Agent Device Management Agent (ddma)
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-04T17:17:20.916Z

Reserved: 2026-01-07T07:17:24.537Z

Link: CVE-2026-22285

cve-icon Vulnrichment

Updated: 2026-03-04T17:17:00.555Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T16:16:27.443

Modified: 2026-03-05T18:15:03.473

Link: CVE-2026-22285

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses