CVE-2023-43066

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 99.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Operating Environment Dell Unity XT Operating Environment Dell Unityvsa Operating Environment +1 more

Timeline

PublishedOct 23

Description

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 0.8 | Impact: 4.2

Affected Packages4 packages

▶NVDdell/unity_operating_environment< 5.3.0.0.5.120

▶NVDdell/unity_xt_operating_environment< 5.3.0.0.5.120

▶NVDdell/unityvsa_operating_environment< 5.3.0.0.5.120

▶CVEListV5dell/unityVersions prior to 5.3.0.0.5.120

🔴Vulnerability Details

GHSA

GHSA-7mwm-qgvf-37wp: Dell Unity prior to 5↗2023-10-23

▶

CVEList

CVE-2023-43066: Dell Unity prior to 5↗2023-10-23

▶