Low Privilege User Could Execute Arbitrary Code via Modifying Installation Folder Files
CVE-2024-22452

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Display And Peripheral Manager
Vendor: CVE Published:; 4 March 2024

Summary

An improper access control vulnerability exists in Dell Display and Peripheral Manager for macOS versions prior to 1.3. This security flaw enables a low privilege user to gain unauthorized access by modifying files located in the installation folder. If exploited, this could allow the execution of arbitrary code, potentially leading to an escalation of user privileges within the affected system, posing a significant security risk.

Affected Version(s)

Dell Display and Peripheral Manager < 1.3

References

https://www.dell.com/support/kbdoc/en-us/000221414/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2024
Vulnerability Reserved
Jan 10, 2024

Credit

pwn2car