CVE-2024-0168

HIGH

Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_oscheck Utility

Title source: llm

Description

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 46.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

dell/unity_operating_environment < 5.4.0.0.5.094

Published Feb 12, 2024

Tracked Since Feb 18, 2026