Dell Unity Vulnerability: Arbitrary OS Command Execution
CVE-2024-22224

7.8HIGH

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 12 February 2024

Summary

The Dell Unity storage solution, specifically versions prior to 5.4, contains a significant OS Command Injection vulnerability within its svc_nas utility. This flaw allows authenticated attackers to bypass the restricted shell environment, potentially gaining the ability to execute arbitrary operating system commands with root privileges. This could lead to severe implications, including unauthorized access and manipulation of the underlying operating system.

Affected Version(s)

Unity 0 < 5.4

References

https://www.dell.com/support/kbdoc/en-us/000222010/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Jan 8, 2024