Dell Unity Vulnerability: OS Command Injection Risk
CVE-2024-22223

7.8HIGH

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 12 February 2024

Summary

An OS Command Injection vulnerability exists in Dell Unity, specifically within the svc_cbr utility. This flaw allows an authenticated malicious user with local access to exploit the vulnerability, potentially leading to the execution of arbitrary operating system commands. The execution would occur with the same privileges as the vulnerable application, posing significant risks to system integrity and security. Users of affected Dell Unity versions are encouraged to apply available security updates to mitigate this vulnerability.

Affected Version(s)

Unity 0 < 5.4

References

https://www.dell.com/support/kbdoc/en-us/000222010/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Jan 8, 2024