CVE-2024-0167 HIGH

CVE-2024-0167

Vendor Dell
Product Unity
Weakness CWE-78
Published February 12, 2024
Last update May 6, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

Key dates

02Disclosure timeline

February 12, 2024 CVE published
May 6, 2025 Record updated