CVE-2024-22223

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.4

Description The issue is an OS Command Injection Vulnerability within the svc cbr utility of Dell Unity. This vulnerability could be exploited by an authenticated malicious user with local access, potentially leading to the execution of arbitrary OS commands on the application's underlying OS with the privileges of the vulnerable application. The vulnerability exists due to the lack of measures to neutralize special elements used in the OS command.

Recommendations For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc cbr utility until a patch is available. Avoid using the svc cbr utility for tasks that require executing OS commands with elevated privileges until the issue is resolved.