CVE-2024-0168

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.4

Description The issue exists due to the lack of neutralization of special elements used in the operating system command by the svc oscheck utility of Dell Unity's microcode. This allows an authenticated attacker to potentially exploit the vulnerability, leading to the ability to inject arbitrary operating system commands and execute them with root privileges.

Recommendations For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc oscheck utility to minimize the risk of exploitation.