Impact
The vulnerability resides in the Dell Device Management Agent, where an incorrect authorization check allows a low-privileged local user to gain higher system privileges. This could lead to unauthorized configuration changes and potentially full system control. The weakness is classified as CWE-863 (Incorrect Authorization), an authorization bypass.
Affected Systems
Affected systems are Dell devices running Dell Device Management Agent (DDMA) versions earlier than 26.02. The vulnerability applies to all subsystems that rely on the DDMA component, regardless of the platform or operating system on which the agent is installed.
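A fleet triage check for the "earlier than 26.02" boundary, as an added example that is not part of the original advisory or any Dell tooling. It assumes the agent reports a dotted numeric version string whose components compare numerically; the host names and versions in `SAMPLE` are constructed.

```python
import re

# First fixed release per the advisory: anything earlier than 26.02 is affected.
FIXED = (26, 2)


def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version_text):
    """True if earlier than 26.02, False if 26.02 or later, None if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Pad both sides to equal length so "26.02" and "26.02.0" compare as equal.
    width = max(len(version), len(FIXED))
    version += (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return version < fixed


def triage(inventory):
    """Sort (host, version) pairs into vulnerable / patched / review buckets."""
    result = {"vulnerable": [], "patched": [], "review": []}
    for host, version in inventory:
        verdict = is_vulnerable(version)
        key = "review" if verdict is None else ("vulnerable" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "25.12.1"),
    ("ws-002", "26.02"),
    ("ws-003", "26.1.4"),     # a float or string compare would wrongly rank this above 26.02
    ("ws-004", "26.02.0.7"),
    ("ws-005", "unknown"),    # unparseable: route to manual review, never assume patched
    ("ws-006", "26.10"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

Hosts whose version cannot be parsed land in `review` rather than `patched`, so a missing or malformed inventory value never hides an affected device.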
Risk and Exploitability
The CVSS base score is 5.5, indicating moderate risk. The EPSS score is under 1% and the vulnerability is not in the KEV list, reflecting a low current probability of exploitation. However, exploitation requires only local access with low privileges, so any local user who can execute code on the device may be able to leverage the flaw. There is no publicly disclosed exploit at this time, but an attacker could obtain elevated privileges by exploiting the missing authorization check.
OpenCVE Enrichment