Lucene search

[email protected]NVD:CVE-2024-22225

HistoryFeb 12, 2024 - 7:15 p.m.

CVE-2024-22225

2024-02-1219:15:11

CWE-78

[email protected]

web.nvd.nist.gov

dell unity

os command injection

vulnerability

cve-2024-22225

authenticated attacker

arbitrary commands

root privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Affected configurations

Nvd

Node

dellunity_operating_environmentRange<5.4.0.0.5.094

VendorProductVersionCPE
dellunity_operating_environment*cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	unity_operating_environment	*	cpe:2.3:a:dell:unity_operating_environment::::::::

References

www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-22225

prion1 cvelist1 cve1