CVE-2024-22226

CWE-23 CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment

Timeline

PublishedFeb 12

Description

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5dell/unity< 5.4

▶NVDdell/unity_operating_environment< 5.4.0.0.5.094

🔴Vulnerability Details

CVEList

CVE-2024-22226: Dell Unity, versions prior to 5↗2024-02-12

▶

GHSA

GHSA-mqhm-2f26-c69c: Dell Unity, versions prior to 5↗2024-02-12

▶