Cyber Resilience

CVE-2024-22229

Severity: Low

Published: 24 January 2024
Modified: 21 November 2024
CVSS Score v3.1: 3.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0015 (36.0th percentile)
Risk Priority: 6 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-22229 is a low-severity Improper Output Neutralization for Logs (CWE-117) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 3.1 (Low).

Operationally, it ranks at the 36.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Version
dell | unity operating environment | 5.3.0.0.5.120
dell | unity xt operating environment | 5.3.0.0.5.120
dell | unityvsa operating environment | 5.3.0.0.5.120

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-116 CWE-117

Validating that output matches expected content directly mitigates failures to properly encode or escape data for its destination context.

addresses: CWE-117

Policy and procedures require sanitization and neutralization when generating audit logs to avoid injection issues.
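
The two controls above (neutralize on write, then validate the output) can be illustrated for CWE-117 in general with the added example below. It is not Dell code and says nothing about Unity's actual log format: the record layout, function names and sample values are all assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed record layout (hypothetical): <UTC timestamp> user="..." action="..."
_FIELD = r'"(?:[^"\\\r\n]|\\.)*"'
_RECORD_RE = re.compile(
    r'\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ user=' + _FIELD + r' action=' + _FIELD)

def neutralize(value: str) -> str:
    """Escape characters that could end a record or break out of a quoted field."""
    out = []
    for ch in value:
        if ch == "\\":
            out.append("\\\\")
        elif ch == '"':
            out.append('\\"')
        # Cc = control (CR, LF, ...), Cf = format (bidi overrides, ...),
        # Zl/Zp = Unicode line/paragraph separators.
        elif unicodedata.category(ch) in ("Cc", "Cf", "Zl", "Zp"):
            out.append(f"\\u{{{ord(ch):04x}}}")
        else:
            out.append(ch)
    return "".join(out)

def format_naive(ts: str, user: str, action: str) -> str:
    """Weak form: caller-controlled values are written to the log verbatim."""
    return f'{ts} user="{user}" action="{action}"'

def format_safe(ts: str, user: str, action: str) -> str:
    """Hardened form: neutralize each field, then validate the finished record."""
    record = f'{ts} user="{neutralize(user)}" action="{neutralize(action)}"'
    if len(record.splitlines()) != 1 or not _RECORD_RE.fullmatch(record):
        raise ValueError("log record failed output validation")
    return record

# Constructed sample: a user-name value carrying an embedded line break and a
# second, forged record that names another account.
TS = "2024-01-24T10:00:00Z"
FORGED_USER = 'alice" action="logout"\n2024-01-24T10:00:01Z user="bob'

if __name__ == "__main__":
    print(format_naive(TS, FORGED_USER, "login"))  # two lines, second names bob
    print(format_safe(TS, FORGED_USER, "login"))   # one line, payload is inert
```

In the hardened output the forged text stays inside the original user field as escaped data, so a reviewer or parser sees one record attributed to the submitting session instead of a second entry for another account.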