CVE-2024-0170

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.4

Description The issue is related to an OS Command Injection Vulnerability in the svc cava utility of Dell Unity. This vulnerability could allow an authenticated attacker to escape the restricted shell and execute arbitrary operating system commands with root privileges. The vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command.

Recommendations For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc cava utility to minimize the risk of exploitation.