PT-2024-2793 · Dell · Dell Unity

Published: 2024-01-08 · Updated: 2024-02-16 · CVE-2024-22226

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4

Description: The issue is a path traversal vulnerability in the svc_supportassist utility of Dell Unity. An authenticated attacker could potentially exploit this vulnerability to gain unauthorized write access, with elevated privileges, to files stored on the server filesystem. The vulnerability stems from errors in processing relative directory paths, which could allow a remote attacker to obtain unauthorized access to files stored in the server's file system.

Recommendations: For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc_supportassist utility until a patch is available. Additionally, restrict write access to sensitive files and directories on the server filesystem to minimize the risk of exploitation.

Fix

Path traversal

Relative Path Traversal

Weakness Enumeration

Related Identifiers

BDU:2024-02932
CVE-2024-22226

Affected Products

Dell Unity