7.8 CVE-2024-32857

 

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
https://nvd.nist.gov/vuln/detail/CVE-2024-32857

Categories

CWE-427 : Uncontrolled Search Path Element

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:dell:peripheral_manager:*:*:*:*:*:*:*:* < 1.7.6


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
38 Leveraging/Manipulating Configuration File Search Paths
Very High
471 Search Order Hijacking
Medium


MITRE


Techniques

id description
T1574.001 Hijack Execution Flow:DLL search order hijacking
T1574.004 Hijack Execution Flow: Dylib Hijacking
T1574.007 Hijack Execution Flow:Path Interception by PATH Environment Variable
T1574.008 Hijack Execution Flow:Path Interception by Search Order Hijacking
T1574.009 Hijack Execution Flow: Path Interception by Unquoted Path
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
T1574.001 Disallow loading of remote DLLs. This is included by default in Windows Server 2012+ and is available by patch for XP+ and Server 2003+. Enable Safe DLL Search Mode to force search for system DLLs in directories with greater restrictions (e.g. <code>%SYSTEMROOT%</code>)to be used before local directory DLLs (e.g. a user's home directory) The Safe DLL Search Mode can be enabled via Group Policy at Computer Configuration > [Policies] > Administrative Templates > MSS (Legacy): MSS: (SafeDllSearchMode) Enable Safe DLL search mode. The associated Windows Registry key for this is located at <code>HKLMSYSTEMCurrentControlSetControlSession ManagerSafeDLLSearchMode</code>
T1574.004 Set directory access controls to prevent file writes to the search paths for applications, both in the folders where applications are run from and the standard dylib folders.
T1574.007 Ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory <code>C:</code> and system directories, such as <code>C:Windows</code>, to reduce places where malicious files could be placed for execution. Require that all executables be placed in write-protected directories.
T1574.008 Ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory <code>C:</code> and system directories, such as <code>C:Windows</code>, to reduce places where malicious files could be placed for execution. Require that all executables be placed in write-protected directories.
T1574.009 Ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory <code>C:</code> and system directories, such as <code>C:Windows</code>, to reduce places where malicious files could be placed for execution. Require that all executables be placed in write-protected directories.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.