Lucene search

[email protected]NVD:CVE-2024-22229

HistoryJan 24, 2024 - 5:15 p.m.

CVE-2024-22229

2024-01-2417:15:08

CWE-117

CWE-116

[email protected]

web.nvd.nist.gov

dell unity

log spoofing

authenticated attacker

false alarms

log integrity

malicious content

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

Affected configurations

NVD

Node

dellunity_operating_environmentMatch5.3.0.0.5.120

dellunity_xt_operating_environmentMatch5.3.0.0.5.120

dellunityvsa_operating_environmentMatch5.3.0.0.5.120

References

www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for NVD:CVE-2024-22229

cvelist1 prion1 cve1