CVE-2024-22228

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.4

Description The issue is related to an OS Command Injection Vulnerability in the svc cifssupport utility of Dell Unity. This vulnerability could allow an authenticated attacker to escape the restricted shell and execute arbitrary operating system commands with root privileges. The vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command.

Recommendations For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc cifssupport utility until a patch is available. Avoid using the utility for executing operating system commands with root privileges until the issue is resolved. At the moment, there is no other information about additional mitigation measures.