CVE-2024-22451
Summary
| CVE | CVE-2024-22451 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-16 17:16:27 UTC |
| Updated | 2026-06-16 17:34:39 UTC |
| Description | Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution. |
Risk And Classification
Primary CVSS: v3.1 6.7 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-427 | CWE-427 CWE-427: Uncontrolled Search Path Element
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
HighPrivileges Required
LowUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Dell | Peripheral Manager | affected 1.7.3 or later semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.dell.com/support/kbdoc/en-us/000221413/dsa-2024-055-security-update-fo... | [email protected] | www.dell.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Dell Technologies would like to thank Yue Liu From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue. (en)
There are currently no legacy QID mappings associated with this CVE.