CVE-2024-0167 — OS Command Injection in Dell Unity

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 41.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment

Timeline

PublishedFeb 12

Latest updateFeb 7

Description

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/unity< 5.4

▶NVDdell/unity_operating_environment< 5.4.0.0.5.094

🔴Vulnerability Details

CVEList

CVE-2024-0167: Dell Unity, versions prior to 5↗2024-02-12

▶

GHSA

GHSA-2pqm-qhp5-fh45: Dell Unity, versions prior to 5↗2024-02-12

▶

💬Community

HackerOne

CVE-2025-0167: netrc and default credential leak↗2025-02-07

▶