VYPR
Unrated severity · NVD Advisory · Published Mar 28, 2025 · Updated Feb 26, 2026

CVE-2024-49564

Description

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity 5.4 and prior contain an OS command injection vulnerability allowing local low-privileged attackers to execute arbitrary commands as root.

Vulnerability

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [1]. The flaw exists in a component accessible to local users, potentially in command execution paths that do not properly sanitize input.

Exploitation

An attacker with low privileges and local access can exploit this vulnerability by supplying specially crafted input that is passed to an operating system command without proper sanitization [1]. No user interaction is required beyond gaining initial local access.

Impact

Successful exploitation allows the attacker to execute arbitrary operating system commands with root privileges, leading to complete compromise of the affected system and elevation of privileges [1].

Mitigation

Dell has released a security update as part of DSA-2025-116 to address this vulnerability [1]. Users should apply the latest update to Dell Unity, Dell UnityVSA, and Dell Unity XT systems. No workarounds are documented in the available reference.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
