CVE-2024-0167

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.4

Description The issue is related to an OS Command Injection Vulnerability in the svc topstats utility. An authenticated attacker could potentially exploit this, leading to the ability to overwrite arbitrary files on the file system with root privileges. This vulnerability exists due to the lack of measures to neutralize special elements used in the OS command.

Recommendations For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc topstats utility until a patch is available.