VYPR
Unrated severity · NVD Advisory · Published Feb 12, 2024 · Updated May 7, 2025

CVE-2024-22223

Description

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity versions prior to 5.4 contain an OS command injection in the svc_cbr utility, allowing authenticated local users to execute arbitrary commands.

Vulnerability

Dell Unity, Unity VSA, and Unity XT versions prior to 5.4 contain an OS command injection vulnerability in the svc_cbr utility. The utility is accessible to authenticated users with local access, and the injection occurs due to insufficient sanitization of user-supplied input when constructing system commands. [1]

Exploitation

An attacker must have local access to the system and valid authentication credentials. No user interaction is required. The attacker can craft input to the svc_cbr utility that, when processed, executes arbitrary OS commands with the privileges of the vulnerable application. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary operating system commands, leading to full compromise of confidentiality, integrity, and availability. The CVSS v3.1 base score is 7.8 (High), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. [1]

Mitigation

Dell has addressed this vulnerability in Unity version 5.4. Users should upgrade to 5.4 or later to remediate the issue. No workarounds are documented in the available reference. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
