Vulnerability Details CVE-2024-0165
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.9%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Products affected by CVE-2024-0165
-
cpe:2.3:a:dell:unity_operating_environment:-
-
cpe:2.3:a:dell:unity_operating_environment:5.0.7.0.5.008
-
cpe:2.3:a:dell:unity_operating_environment:5.2.0.0.5.173
-
cpe:2.3:a:dell:unity_operating_environment:5.3.0.0.5.120
-
cpe:2.3:a:dell:unity_operating_environment:5.4.0.0