Unrated severityNVD Advisory· Published Mar 28, 2025· Updated Feb 26, 2026

CVE-2024-49601

Description

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity 5.4 and prior contains an OS command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands.

Vulnerability

Dell Unity versions 5.4 and prior contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [1]. The flaw exists in an unspecified component that processes user-supplied input without proper sanitization, enabling injection of operating system commands.

Exploitation

An unauthenticated attacker with remote network access can exploit this vulnerability by sending specially crafted requests to the affected Dell Unity system [1]. No authentication or user interaction is required; the attacker can directly inject OS commands through the vulnerable input.

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected process [1]. This can lead to full compromise of the Dell Unity system, including data disclosure, modification, or denial of service.

Mitigation

Dell has released a security update (DSA-2025-116) to address this vulnerability [1]. Affected users should apply the update as soon as possible. No workarounds have been provided; updating to a fixed version is the only recommended mitigation.

References

DSA-2025-116: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Sift/Unityllm-fuzzy
Range: <=5.4
Dell/Unity XTcpe-rescue
Range: N/A

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilitiesmitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000