
CVE-2024-0170
https://notcve.org/view.php?id=CVE-2024-0170
12 Feb 2024 — Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escape the restricted shell and execute arbitrary operating system commands with root privileges. • https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-22229
https://notcve.org/view.php?id=CVE-2024-22229
24 Jan 2024 — Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs, compromising log integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-116: Improper Encoding or Escaping of Output • CWE-117: Improper Output Neutralization for Logs

CVE-2023-43082
https://notcve.org/view.php?id=CVE-2023-43082
22 Nov 2023 — Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-295: Improper Certificate Validation

CVE-2023-43067
https://notcve.org/view.php?id=CVE-2023-43067
23 Oct 2023 — Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability, disclosing local files in the file system. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2023-43066
https://notcve.org/view.php?id=CVE-2023-43066
23 Oct 2023 — Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43065
https://notcve.org/view.php?id=CVE-2023-43065
23 Oct 2023 — Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-43074
https://notcve.org/view.php?id=CVE-2023-43074
23 Oct 2023 — Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-73: External Control of File Name or Path

CVE-2022-22564
https://notcve.org/view.php?id=CVE-2022-22564
14 Feb 2023 — Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks, allowing the attacker to obtain sensitive information. • https://www.dell.com/support/kbdoc/en-us/000199050/dsa-2022-021-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2022-29085
https://notcve.org/view.php?id=CVE-2022-29085
02 Jun 2022 — Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. • https://www.dell.com/support/kbdoc/000199050 • CWE-256: Plaintext Storage of a Password • CWE-522: Insufficiently Protected Credentials

CVE-2022-29084
https://notcve.org/view.php?id=CVE-2022-29084
02 Jun 2022 — Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. • https://www.dell.com/support/kbdoc/000199050 • CWE-307: Improper Restriction of Excessive Authentication Attempts