CVE-2024-22229

LOW

Dell Unity <5.4 - Info Disclosure

Title source: llm

Description

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 3.1

EPSS 0.0015

EPSS Percentile 35.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-116 CWE-117

Status published

Products (3)

dell/unity_operating_environment 5.3.0.0.5.120

dell/unity_xt_operating_environment 5.3.0.0.5.120

dell/unityvsa_operating_environment 5.3.0.0.5.120

Published Jan 24, 2024

Tracked Since Feb 18, 2026