CVE-2024-22229

EPSS 0.16%
Published 24.01.2024 17:15:08
Last modified 21.11.2024 08:55:50
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Unity Operating Environment Version5.3.0.0.5.120

Dell ≫ Unity Xt Operating Environment Version5.3.0.0.5.120

Dell ≫ Unityvsa Operating Environment Version5.3.0.0.5.120

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.373

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security_alert@emc.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CWE-117 Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-22229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22229

EUVD