CVE-2024-22229 — LOW (3.1) — White Hats Nepal

Vulnerability Description

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

CVSS Score

3.1

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Dell	Unity Operating Environment	5.3.0.0.5.120
Dell	Unity Xt Operating Environment	5.3.0.0.5.120
Dell	Unityvsa Operating Environment	5.3.0.0.5.120

Related Weaknesses (CWE)

CWE-117 CWE-116

References

https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unityVendor Advisory
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unityVendor Advisory

FAQ

What is CVE-2024-22229?

CVE-2024-22229 is a vulnerability with a CVSS score of 3.1 (LOW). Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create ...

How severe is CVE-2024-22229?

CVE-2024-22229 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-22229?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Unity Operating Environment, Dell Unity Xt Operating Environment, Dell Unityvsa Operating Environment.