Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
History

Tue, 08 Jul 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell unity Operating Environment
CPEs cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell unity Operating Environment

Fri, 28 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 28 Mar 2025 02:00:00 +0000

Type Values Removed Values Added
Description Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2025-03-28T01:35:58.166Z

Updated: 2025-03-29T03:55:38.281Z

Reserved: 2024-10-16T05:04:26.795Z

Link: CVE-2024-49563

cve-icon Vulnrichment

Updated: 2025-03-28T13:59:43.506Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2025-03-28T02:15:13.510

Modified: 2025-07-08T16:25:00.350

Link: CVE-2024-49563

cve-icon Redhat

No data.