OS Command Injection Vulnerability in Dell Unity by Dell
CVE-2024-49601

7.3HIGH

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 28 March 2025

Summary

Dell Unity contains a vulnerability that allows for improper neutralization of special elements used in OS commands, enabling unauthenticated remote attackers to execute arbitrary commands. This flaw highlights the need for robust security measures to protect systems from unauthorized access and potential exploitation.

Affected Version(s)

Unity < 5.5.0.0.5.259

References

https://www.dell.com/support/kbdoc/en-us/000300090/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Oct 17, 2024

Credit

Dell would like to thank prowser for reporting these issues.