CVE-2024-22223: OS Command Injection
First published: Mon Feb 12 2024(Updated: )
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Unity Operating Environment | <5.4.0.0.5.094 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-22223?
CVE-2024-22223 is classified as a high severity vulnerability due to its potential for exploitation by authenticated users.
How do I fix CVE-2024-22223?
To mitigate CVE-2024-22223, upgrade to Dell Unity Operating Environment version 5.4.0.0.5.094 or later.
Who is affected by CVE-2024-22223?
CVE-2024-22223 affects users of Dell Unity versions before 5.4, particularly those with local access.
What type of vulnerability is CVE-2024-22223?
CVE-2024-22223 is an OS Command Injection vulnerability that allows execution of arbitrary commands.
Can CVE-2024-22223 be exploited remotely?
No, CVE-2024-22223 can only be exploited by an authenticated malicious user with local access.
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell emc unity operating environment