Device Management Agent
Monthly
Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.
Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.
Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3.3).
Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.
Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.
Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.
Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3.3).
Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.