Log Spoofing Vulnerability in Dell Unity from Dell
CVE-2024-22229

4.3MEDIUM

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 24 January 2024

Summary

Dell Unity versions prior to 5.4 are affected by a vulnerability that allows authenticated attackers to spoof log messages. By exploiting this weakness, an attacker can create misleading log entries, generate false alarms, and inject malicious content into system logs, significantly compromising their integrity. Additionally, the attacker may prevent the logging of critical information while executing harmful actions, or could implicate an innocent user in malicious activities. This vulnerability underscores the importance of securing logging mechanisms to maintain the integrity of system operations.

Affected Version(s)

Unity 0 < 5.3.0.0.5.120

References

https://www.dell.com/support/kbdoc/en-us/000213152/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 24, 2024
Vulnerability Reserved
Jan 8, 2024