Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24502

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-03 Mar, 2026 | 20:43
Updated At-03 Mar, 2026 | 21:01
Rejected At-
Credits

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:03 Mar, 2026 | 20:43
Updated At:03 Mar, 2026 | 21:01
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell Command | Intel vPro Out of Band
Default Status
unaffected
Versions
Affected
  • From N/A before 4.7.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427: Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Dell would like to thank Sandro Poppi for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:03 Mar, 2026 | 21:15
Updated At:03 Mar, 2026 | 21:52

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Primarysecurity_alert@emc.com
CWE ID: CWE-427
Type: Primary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106security_alert@emc.com
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106
Source: security_alert@emc.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2023-0213
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.12%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 10:22
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Elevation of Privilege in M-Files

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.

Action-Not Available
Vendor-M-Files OyMicrosoft Corporation
Product-m-fileswindowsM-Filesm-files
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-36924
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 22:37
Updated-28 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in Zoom Rooms Installer for Windows

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms Installer for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-36930
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.85%
||
7 Day CHG-0.07%
Published-09 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in Zoom Rooms for Windows Installers

Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-44107
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.44%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 20:47
Updated-12 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

Action-Not Available
Vendor-Ivanti Software
Product-workspace_controlWorkspace Controlworkspace_control
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-28822
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability

The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicewindowsTIBCO Enterprise Message ServiceTIBCO Enterprise Message Service - Developer EditionTIBCO Enterprise Message Service - Community Edition
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-0670
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 14:50
Updated-13 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in windows agent

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

Action-Not Available
Vendor-Microsoft CorporationCheckmk GmbH
Product-windowscheckmkCheckmkcheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-6740
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.37%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 07:50
Updated-03 Jun, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in jar_signature

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

Action-Not Available
Vendor-tribe29 GmbHCheckmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-2208
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 19:40
Updated-13 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sound Research SECOMN64 Escalation of Privilege

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.

Action-Not Available
Vendor-Sound ResearchHewlett Packard Enterprise (HPE)
Product-SECOMN64 Driversound_research_secomn64_driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-43440
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 08:30
Updated-24 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation via manipulated unixcat executable

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable

Action-Not Available
Vendor-tribe29 GmbHCheckmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • Next
Details not found