CVE-2024-22225

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.4

Description The issue exists due to the lack of neutralization of special elements used in the operating system command in the svc supportassist utility of the Dell Unity Operating Environment. This could allow an attacker to execute arbitrary operating system commands with root privileges. An authenticated attacker could potentially exploit this vulnerability.

Recommendations For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc supportassist utility until a patch is available. Avoid using the svc supportassist utility with untrusted input to minimize the risk of exploitation.