CVE-2024-22222
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyección de comandos del sistema operativo dentro de su utilidad svc_udoctor. Un usuario malintencionado autenticado con acceso local podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicación, con los privilegios de la aplicación vulnerable.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-08 CVE Reserved
- 2024-02-12 CVE Published
- 2024-02-13 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Unity Operating Environment Search vendor "Dell" for product "Unity Operating Environment" | < 5.4.0.0.5.094 Search vendor "Dell" for product "Unity Operating Environment" and version " < 5.4.0.0.5.094" | - |
Affected
| ||||||