CVE-2024-22222: OS Command Injection
First published: Mon Feb 12 2024(Updated: )
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Unity Operating Environment | <5.4.0.0.5.094 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-22222?
CVE-2024-22222 is classified as a high severity vulnerability due to its potential for exploitation by authenticated users.
How do I fix CVE-2024-22222?
To fix CVE-2024-22222, upgrade to Dell Unity versions 5.4 or later.
What type of vulnerability is CVE-2024-22222?
CVE-2024-22222 is an OS Command Injection vulnerability.
Who can exploit CVE-2024-22222?
Only authenticated users with local access can exploit the CVE-2024-22222 vulnerability.
What could happen if CVE-2024-22222 is exploited?
Exploitation of CVE-2024-22222 could lead to the execution of arbitrary OS commands on the underlying operating system.
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/type
- collector/epss-latest
- source/FIRST
- agent/event
- agent/softwarecombine
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell emc unity operating environment