Lucene search

[email protected]NVD:CVE-2024-0170

HistoryFeb 12, 2024 - 7:15 p.m.

CVE-2024-0170

2024-02-1219:15:10

CWE-78

[email protected]

web.nvd.nist.gov

dell unity

command injection

exploit

root privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Affected configurations

Nvd

Node

dellunity_operating_environmentRange<5.4.0.0.5.094

VendorProductVersionCPE
dellunity_operating_environment*cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	unity_operating_environment	*	cpe:2.3:a:dell:unity_operating_environment::::::::

References

www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-0170

cvelist1 prion1 cve1