PT-2024-3210 · Dell · Dell Unity

Published: 2024-02-12 · Updated: 2024-02-19 · CVE-2024-0166

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Unity versions prior to 5.4

Description

The issue is an OS Command Injection Vulnerability in the svc tcpdump utility of Dell Unity. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. This occurs due to the lack of measures to neutralize special elements used in the OS command.

Recommendations

For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the svc tcpdump utility until a patch is available. Avoid using the svc tcpdump utility for sensitive operations until the issue is resolved.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-03436
CVE-2024-0166

Affected Products

Dell Unity