CVE-2024-0168 — OS Command Injection in Dell Unity

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 53.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment

Timeline

PublishedFeb 12

Description

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDdell/unity_operating_environment< 5.4.0.0.5.094

▶CVEListV5dell/unityo — 5.4

🔴Vulnerability Details

GHSA

GHSA-j87v-2fwm-cxch: Dell Unity, versions prior to 5↗2024-02-12

▶

CVEList

CVE-2024-0168: Dell Unity, versions prior to 5↗2024-02-12

▶