Dell Unity Vulnerability: Authenticated Attackers Can Execute Commands with Root Privileges
CVE-2024-22227

7.8HIGH

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 12 February 2024

Summary

Dell Unity, specifically in versions prior to 5.4, is affected by an OS Command Injection vulnerability found in its svc_dc utility. This flaw allows an authenticated attacker to execute system-level commands, potentially gaining root privileges. Exploitation of this vulnerability poses a significant risk to the security and integrity of the system, allowing unauthorized access to sensitive operations and data.

Affected Version(s)

Unity 0 < 5.4

References

https://www.dell.com/support/kbdoc/en-us/000222010/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Jan 8, 2024