CVE-2024-22222

HIGH

Dell Unity <5.4 - Command Injection

Title source: llm
STIX 2.1

Description

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Scores

CVSS v3 7.8
EPSS 0.0090
EPSS Percentile 55.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-78
Status published
Products (1)
dell/unity_operating_environment < 5.4.0.0.5.094
Published Feb 12, 2024
Tracked Since Feb 18, 2026