CVE-2024-22224

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 12, 2024

Updated: Feb 15, 2024

CWE ID 78

Summary

CVE-2024-22224 is a critical vulnerability affecting Dell Unity versions below 5.4. An attacker with authentication can exploit this OS Command Injection flaw in the svc_nas utility. Successful exploitation allows the attacker to escape the restricted shell and execute arbitrary operating system commands with root privileges, posing a significant risk to system security. This vulnerability requires immediate attention and patching to prevent potential unauthorized system access and compromises.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Dell Technologies, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uEkWd9
https://www.cve.org/CVERecord?id=CVE-2024-22224
https://nvd.nist.gov/vuln/detail/CVE-2024-22224

Back to Vulnerability Database

CVE-2024-22224

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations