Vulnerability Details CVE-2024-0166
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.8%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Products affected by CVE-2024-0166
-
cpe:2.3:a:dell:unity_operating_environment:-
-
cpe:2.3:a:dell:unity_operating_environment:5.0.7.0.5.008
-
cpe:2.3:a:dell:unity_operating_environment:5.2.0.0.5.173
-
cpe:2.3:a:dell:unity_operating_environment:5.3.0.0.5.120
-
cpe:2.3:a:dell:unity_operating_environment:5.4.0.0