CyberSecurityBoard
Sponsor Register Login

Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System

Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform other malicious activities without authentication. Dell acknowledged security researchers for responsibly disclosing these vulnerabilities: “prowser” discovered the critical remote command injection flaws, while “zzcentury” and “xiaohei” from Ubisectech Sirius Team identified the local privilege escalation vulnerabilities. Further compounding the risk are multiple local privilege escalation vulnerabilities (CVE-2024-49563, CVE-2024-49564, CVE-2024-49565, CVE-2024-49566, CVE-2025-23383, CVE-2025-24377, CVE-2025-24378, CVE-2025-24379, CVE-2025-24380, CVE-2025-24385, CVE-2025-24386) with CVSS scores of 7.8, allowing low-privileged local users to execute commands with root privileges. Organizations using affected Dell Unity systems should assess their exposure, implement the recommended update, and monitor for signs of exploitation while these critical vulnerabilities remain unpatched. Two additional command injection vulnerabilities (CVE-2024-49601 and CVE-2025-24382) with CVSS 7.3 scores enable unauthenticated, remote attackers to execute commands with lower impact levels.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 31 Mar 2025 14:45:12 +0000


Cyber News related to Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System

CVE-2018-1183 - In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to ...
6 years ago
Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System - Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform ...
1 month ago Cybersecuritynews.com CVE-2024-49563
Critical Cisco Unity Connection Flaw Let Attackers Run Command - A critical vulnerability of severe severity has been found in Cisco Unity Connection's web-based management interface. This flaw might allow a remote, unauthenticated attacker to upload arbitrary files to a compromised system and run commands on the ...
1 year ago Cybersecuritynews.com CVE-2024-20272
Dell Alienware Command Center Vulnerability Let Attackers Escalate Privileges - According to Dell’s security advisory, “A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges” on the affected system. This indicates that while the ...
3 weeks ago Cybersecuritynews.com CVE-2024-22450
Dell says names, addresses leaked after hacker claims access to 49M records - Dell is warning customers that their names, physical addresses and some order information may have been accessed in a recent cybersecurity incident. A threat actor known as Menelik made a post on the cybercrime site BreachForums on April 28 claiming ...
1 year ago Packetstormsecurity.com
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! - Cisco has fixed a critical vulnerability in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and voicemail ...
1 year ago Helpnetsecurity.com CVE-2024-20272
Dell PowerProtect Systems Vulnerability Let Remote Attackers to Execute Arbitrary Commands - The vulnerability allows for “execution of arbitrary commands with root privileges,” essentially giving attackers complete control over affected systems. According to the security advisory, this vulnerability affects multiple versions of ...
1 month ago Cybersecuritynews.com CVE-2023-44277
Dell Data Breach Exposes Personal Information Of 49 Million - Personal details such as names and residential addresses were compromised in the breach, while sensitive financial information remained secure. Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a ...
1 year ago Cysecurity.news
CVE-2021-43589 - Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, ...
3 years ago
CVE-2018-1216 - A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere ...
7 years ago
CVE-2018-1215 - An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC ...
7 years ago
Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
1 year ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285
Cisco says critical Unity Connection bug lets attackers get root - Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. Unity Connection is a fully virtualized messaging and voicemail solution for email inboxes, web ...
1 year ago Bleepingcomputer.com CVE-2024-20287
Dell API Abused to Steal 49 Million Customer Records in Data Breach - The threat actor responsible for the recent Dell data breach stated that he scraped information from 49 million customer records via a partner portal API that he accessed as a phony organization. Dell had begun sending alerts to customers informing ...
1 year ago Cysecurity.news
Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Dell is urging customers of its PowerProtect products to review a newly released security advisory and patch a series of potentially serious vulnerabilities. The vulnerabilities impact PowerProtect Data Domain series appliances, which are designed to ...
1 year ago Packetstormsecurity.com CVE-2023-44286
Dell warns of data breach, 49 million customers allegedly affected - Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal ...
1 year ago Bleepingcomputer.com
CVE-2016-8354 - An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the ...
8 years ago
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
11 months ago Securityaffairs.com
CVE-2018-1239 - Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands ...
6 years ago
Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity - This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities. In a different article, we ...
1 year ago Securityboulevard.com
Why CVEs Are an Incentives Problem - I've been thinking about some of these unintended consequences in the context of a growing problem faced by all of us in cybersecurity: how a fast-rising tide of software vulnerabilities tracked as common vulnerabilities and exposures - are reported ...
11 months ago Darkreading.com
CVE-2022-29084 - Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and ...
2 years ago
CVE-2022-29085 - Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain ...
2 years ago
CVE-2020-5319 - Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated ...
5 years ago
Vulnerability Summary for the Week of February 12, 2024 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)