Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local-only access (AV:L) with an existing low-privileged account (PR:L), no user interaction, and improper access control yielding full code execution gives high C/I/A.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
AnalysisAI
Local privilege escalation to code execution affects Dell Display and Peripheral Manager (DDPM) for Windows in all versions prior to 2.3, where an Improper Access Control flaw (CWE-284) lets a low-privileged local user execute arbitrary code in a higher-privileged context. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact from a local, low-privilege starting point with no user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires existing local access to a Windows system running Dell Display and Peripheral Manager prior to version 2.3, with at least a low-privileged (PR:L) authenticated user account; no user interaction is needed (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) describes a realistic and reliable local privilege-escalation primitive: low complexity, no user interaction, and only low privileges required, yielding full system impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already has a standard, low-privileged account on a Dell Windows workstation (for example, a logged-in employee or a foothold from a phishing payload) abuses the improperly access-controlled DDPM component to run code at a higher privilege level. With no user interaction and low attack complexity, this lets them escalate from limited user to a privileged context and gain durable control of the host. … |
| Remediation | Vendor-released patch: upgrade Dell Display and Peripheral Manager to version 2.3 or later, per Dell advisory DSA-2026-277 (https://www.dell.com/support/kbdoc/en-fm/000477679/dsa-2026-277). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Complete inventory of all Windows systems running Dell DDPM versions prior to v2.3; document business criticality of each affected system. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Protection mechanism bypass in Dell Display and Peripheral Manager for Mac (versions prior to 2.3) stems from improper c
OS command injection in Dell Display and Peripheral Manager (DDPM) for macOS, all versions prior to 2.3, allows a low-pr
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. Rated high
Local privilege escalation in Dell Display and Peripheral Manager (DDPM) for Mac, versions prior to 2.3, lets a low-priv
Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulne
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39390
GHSA-r76q-57r9-2mhg