CVE-2024-0170
published 2024-02-12CVE-2024-0170: Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | unity | < 5.4 | 5.4 |
| dell | unity_operating_environment | < 5.4.0.0.5.094 | 5.4.0.0.5.094 |