Lucene search

[email protected]NVD:CVE-2024-0167

HistoryFeb 12, 2024 - 7:15 p.m.

CVE-2024-0167

2024-02-1219:15:10

CWE-78

[email protected]

web.nvd.nist.gov

dell unity

os command injection

authenticated attacker

arbitrary files

root privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

Affected configurations

Nvd

Node

dellunity_operating_environmentRange<5.4.0.0.5.094

VendorProductVersionCPE
dellunity_operating_environment*cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	unity_operating_environment	*	cpe:2.3:a:dell:unity_operating_environment::::::::

References

www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-0167

cve1 cvelist1 prion1