Vulnerability Details CVE-2024-0168
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Products affected by CVE-2024-0168
-
cpe:2.3:a:dell:unity_operating_environment:-
-
cpe:2.3:a:dell:unity_operating_environment:5.0.7.0.5.008
-
cpe:2.3:a:dell:unity_operating_environment:5.2.0.0.5.173
-
cpe:2.3:a:dell:unity_operating_environment:5.3.0.0.5.120
-
cpe:2.3:a:dell:unity_operating_environment:5.4.0.0