CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The version of the Dell Peripheral Manager running on the remote host is prior to 1.7.6. It is, therefore, affected by multiple vulnerabilities according to advisory DSA-2024-242.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(205610);
  script_version("1.3");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/16");

  script_cve_id("CVE-2024-37127", "CVE-2024-37142", "CVE-2024-32857");
  script_xref(name:"IAVA", value:"2024-A-0483");

  script_name(english:"Dell Peripheral Manager < 1.7.6 Multiple Vulnerabilities (DSA-2024-242)");

  script_set_attribute(attribute:"synopsis", value:
"A web server running on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of the Dell Peripheral Manager running on the remote host is prior to 1.7.6. It is, therefore, affected by
multiple vulnerabilities according to advisory DSA-2024-242.
- Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element
vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or
symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
(CVE-2024-37127, CVE-2024-37142, CVE-2024-32857)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.dell.com/support/kbdoc/en-us/000225474/dsa-2024-242");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Dell Peripheral Manager version 1.7.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-37142");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:peripheral_manager");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Runs only after the detection plugin has recorded an install of the product.
  script_dependencies("dell_peripheral_manager_win_installed.nbin");
  script_require_keys("installed_sw/Dell Peripheral Manager");

  exit(0);
}

include('vcf.inc');

# Look up the install details recorded by the detection plugin.
var app_info = vcf::combined_get_app_info(app:'Dell Peripheral Manager');

# Version-only check: any version below 1.7.6 is reported as affected.
var constraints = [
  {'fixed_version': '1.7.6'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);