ByteOS Network

Type	CWE ID	Description
CWE	CWE-20	CWE-20: Improper Input Validation

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/000203758	N/A

Hyperlink	Resource
https://www.dell.com/support/kbdoc/000203758	x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov
CWE-20	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/000203758	security_alert@emc.com	Vendor Advisory

CVE-2022-34460

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-18 Jan, 2023 | 05:25

Updated-03 Apr, 2025 | 19:38

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-34443

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.50%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:19

Updated-27 Mar, 2025 | 14:11

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

Vendor-Dell Inc.

Product-rugged_control_center Rugged Control Center (RCC)

CWE ID-CWE-20

Improper Input Validation

CVE-2022-34393

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.14% / 33.15%

||

7 Day CHG~0.00%

Published-18 Jan, 2023 | 05:19

Updated-03 Apr, 2025 | 19:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32489

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32486

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-11 Oct, 2022 | 16:40

Updated-16 May, 2025 | 13:48

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-precision_7820_tower bios precision_5820_tower precision_7920_tower CPG BIOS

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32488

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32492

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-11 Oct, 2022 | 16:40

Updated-16 May, 2025 | 13:48

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-precision_7820_tower bios precision_5820_tower precision_7920_tower CPG BIOS

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32490

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-18 Jan, 2023 | 05:59

Updated-03 Apr, 2025 | 19:43

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-edge_gateway_3000_firmware embedded_box_pc_3000_firmware edge_gateway_5000_firmware embedded_box_pc_3000 edge_gateway_3000 edge_gateway_5000 BIOS

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32485

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-16 May, 2025 | 13:45

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26864

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 10.78%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 20:11

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26862

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 10.78%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 17:49

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-24417

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 14.74%

||

7 Day CHG~0.00%

Published-26 May, 2022 | 15:20

Updated-16 Sep, 2024 | 20:27

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-24418

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 14.74%

||

7 Day CHG~0.00%

Published-26 May, 2022 | 15:20

Updated-17 Sep, 2024 | 02:27

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36283

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.00%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-16 Sep, 2024 | 16:58

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36323

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.00%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 02:02

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36342

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.00%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-23 Feb, 2026 | 18:09

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36324

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.00%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 18:13

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36343

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.00%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-23 Feb, 2026 | 18:09

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36325

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.00%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 20:31

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-47238

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.56%

||

7 Day CHG~0.00%

Published-12 Dec, 2024 | 17:38

Updated-04 Feb, 2025 | 15:52

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

Product-edge_gateway_3000 embedded_box_pc_3000_firmware edge_gateway_3003 edge_gateway_5100_firmware edge_gateway_5100 embedded_box_pc_3000 edge_gateway_3002_firmware edge_gateway_3003_firmware edge_gateway_3002 edge_gateway_3001_firmware edge_gateway_3200_firmware edge_gateway_3001 edge_gateway_3000_firmware edge_gateway_5000_firmware edge_gateway_3200 edge_gateway_5000 Dell Client Platform BIOS

CWE ID-CWE-20

Improper Input Validation

CVE-2020-26193

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.13% / 32.72%

||

7 Day CHG~0.00%

Published-09 Feb, 2021 | 21:25

Updated-16 Sep, 2024 | 21:57

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-32860

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.51%

||

7 Day CHG~0.00%

Published-13 Jun, 2024 | 13:00

Updated-16 Aug, 2024 | 16:46

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-32859

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.51%

||

7 Day CHG~0.00%

Published-13 Jun, 2024 | 12:39

Updated-19 Sep, 2024 | 16:24

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-32858

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.51%

||

7 Day CHG~0.00%

Published-13 Jun, 2024 | 12:48

Updated-24 Sep, 2024 | 17:45

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-28976

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.06% / 18.56%

||

7 Day CHG~0.00%

Published-24 Apr, 2024 | 08:01

Updated-21 Jan, 2025 | 18:50

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

Vendor-Dell Inc.

Product-repository_manager Dell Repository Manager (DRM) repository_manager

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-22429

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.06% / 17.52%

||

7 Day CHG~0.00%

Published-17 May, 2024 | 15:20

Updated-30 Jan, 2025 | 15:48

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-32469

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 10.03%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 08:14

Updated-02 Aug, 2024 | 15:18

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Vendor-Dell Inc.

Product-precision_5820_firmware precision_7820 precision_7920_firmware precision_7820_firmware precision_7920 precision_5820 Dell Precision 5820 Tower, Dell Precision 7820 Tower, Dell Precision 7920 Tower

CWE ID-CWE-20

Improper Input Validation

CVE-2023-24571

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.06% / 18.00%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 09:55

Updated-26 Feb, 2025 | 18:59

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Vendor-Dell Inc.

Product-embedded_box_pc_3000_firmware embedded_box_pc_3000 Embedded Box PC 3000 , CPG BIOS

CWE ID-CWE-20

Improper Input Validation

CVE-2023-24569

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.50%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 12:57

Updated-24 Mar, 2025 | 18:37

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Vendor-Dell Inc.

Product-alienware_command_center Alienware Command Center (AWCC)

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26863

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 10.78%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 20:48

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2025-30099

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.03% / 9.43%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:47

Updated-26 Feb, 2026 | 17:49

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

Product-data_domain_operating_system PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024 PowerProtect Data Domain LTS 2023

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-27689

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 18.28%

||

7 Day CHG~0.00%

Published-12 Jun, 2025 | 20:36

Updated-26 Feb, 2026 | 17:50

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor-Dell Inc.

Product-idrac_tools iDRAC Tools

CWE ID-CWE-284

Improper Access Control

CVE-2025-26331

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.19% / 41.40%

||

7 Day CHG+0.15%

Published-07 Mar, 2025 | 08:06

Updated-26 Feb, 2026 | 19:09

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

Product-latitude_3420 optiplex_3000_thin_client latitude_5440 wyse_5470_all-in-one_thin_client optiplex_7420_all-in-one latitude_5450 latitude_3440 optiplex_5400_all-in-one optiplex_7410_all-in-one wyse_5070_thin_client thinos wyse_5470_mobile_thin_client Wyse Proprietary OS (Modern ThinOS)

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2022-45099

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.22%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:03

Updated-26 Mar, 2025 | 20:20

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-261

Weak Encoding for Password

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2025-24377

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.69%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:16

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-24379

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.74%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:09

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-24378

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.74%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:12

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-24386

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.74%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:19

Updated-26 Feb, 2026 | 19:08

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48670

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 11.94%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 15:57

Updated-25 Feb, 2026 | 16:34

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-426

Untrusted Search Path

CVE-2024-53289

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 22.91%

||

7 Day CHG~0.00%

Published-11 Dec, 2024 | 07:40

Updated-04 Feb, 2025 | 16:13

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor-Dell Inc.

Product-thinos Wyse Proprietary OS (Modern ThinOS)

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2023-44283

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.80%

||

7 Day CHG~0.00%

Published-14 Feb, 2024 | 07:49

Updated-17 Oct, 2024 | 14:29

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist for Home PCs SupportAssist for Business PCs supportassist_for_business_pcs supportassist_for_home_pcs

CWE ID-CWE-284

Improper Access Control

CVE-2025-23375

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 18.28%

||

7 Day CHG~0.00%

Published-28 Apr, 2025 | 14:28

Updated-26 Feb, 2026 | 18:28

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor-Dell Inc.

Product-powerprotect_data_manager PowerProtect Data Manager

CWE ID-CWE-648

Incorrect Use of Privileged APIs

CVE-2025-22399

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.9||HIGH

EPSS-0.06% / 17.16%

||

7 Day CHG~0.00%

Published-11 Feb, 2025 | 16:24

Updated-06 Dec, 2025 | 00:48

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery

Vendor-Dell Inc.

Product-utility_configuration_collector_edge UCC Edge

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2021-21503

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.12% / 30.64%

||

7 Day CHG~0.00%

Published-08 Mar, 2021 | 21:44

Updated-17 Sep, 2024 | 03:43

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21531

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.14% / 34.84%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-17 Sep, 2024 | 03:48

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax solutions_enabler_virtual_appliance powermax_os solutions_enabler Unisphere for PowerMax

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2021-21551

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-66.91% / 98.56%

||

7 Day CHG-2.73%

Published-04 May, 2021 | 15:15

Updated-28 Oct, 2025 | 14:05

Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vendor-Dell Inc.

Product-xps_13_9370 latitude_7210_2_in_1 wyse_5470 inspiron_7391_2-in-1 precision_7540 latitude_5280_mobile_thin_client optiplex_7460_all-in-one vostro_5300 inspiron_3493 inspiron_7386 latitude_5310 latitude_3301 precision_3541 vostro_14_5468 xps_9530 precision_3530 inspiron_5348 optiplex_5260_all-in-one inspiron_3847 inspiron_7786 vostro_3480 inspiron_3647 inspiron_5770 inspiron_5480 latitude_e7270_mobile_thin_client wyse_5070 vostro_3501 inspiron_14-5459 inspiron_5300 optiplex_7450_all-in-one latitude_12_rugged_tablet_7212 vostro_5880 inspiron_3442 optiplex_3080 precision_t1700 latitude_rugged_5424 vostro_5391 latitude_e6430_atg latitude_3300 optiplex_3090_ultra latitude_5401 latitude_7400_2in1 vostro_3580 chengming_3991 latitude_5420 inspiron_14-3452 latitude_5500 precision_t3610 latitude_5410 inspiron_one_2020 vostro_1450 latitude_5300 inspiron_3168 vostro_14_5471 inspiron_660 vostro_3591 latitude_5280 optiplex_390 precision_7530 inspiron_17_5767 optiplex_5050 inspiron_3580 inspiron_7586 latitude_5590 latitude_3550 latitude_3390 optiplex_5040 precision_3930_rack g7_7500 cheng_ming_3967 inspiron_7490 latitude_7285 latitude_e7270 latitude_e7450 optiplex_5480_aio precision_5820_tower inspiron_17-5759 precision_7740 latitude_e6440 inspiron_1545 latitude_7389 vostro_3900 inspiron_3671 latitude_3560 inspiron_5402 latitude_e7440 alienware_m17xr4 vostro_3491 vostro_5502 latitude_3490 inspiron_5494 vostro_3668 latitude_5288 inspiron_5323 inspiron_3881 inspiron_3490 optiplex_3050_aio inspiron_15z precision_m6600 canvas_27 vostro_7500 latitude_e6330 chengming_3988 g7_7590 inspiron_5521 latitude_14_rugged_5414 optiplex_5250_all-in-one optiplex_7480_aio vostro_5490 vostro_5090 latitude_3480 inspiron_5485_2-in-1 vostro_20_3055 inspiron_7737 latitude_7420 vostro_3471 precision_7920_tower inspiron_5408 latitude_3570 xps_8940 inspiron_3581 precision_5540 latitude_e5570 vostro_3660 xps_15_9500 latitude_12_rugged_extreme_7214 vostro_5491 latitude_5520 vostro_3890 precision_m4700 xps_13_9300 inspiron_3043 xps_9550 vostro_5410 g5_5500 inspiron_15_5566 inspiron_14_7460 inspiron_7300 gaming_g3_3590 latitude_3120 inspiron_5400_2-in-1 precision_t7500 alienware_asm100 precision_7710 vostro_3401 inspiron_7520 alienware_17_51m_r2 inspiron_3481 vostro_3681 precision_3620_tower inspiron_1210 thunderbolt_dock_tb18dc latitude_xt3 latitude_5550 precision_7550 alienware_m14xr2 inspiron_2330 latitude_14_rugged_extreme_7404 thunderbolt_dock_tb16 latitude_5289 inspiron_5576 xps_15_9575_2-in-1 vostro_5480 inspiron_3157 inspiron_3471 g5_5000 inspiron_5590 latitude_3189 inspiron_11-3162 alienware_m15_r4 inspiron_3268 inspiron_15_5567 inspiron_5443 latitude_14_rugged_extreme_7414 xps_13_9310 xps_13_9365_2-in-1 g5_5090 latitude_e5540 optiplex_5060 inspiron_3880 optiplex_xe2 inspiron_7501 latitude_5290 latitude_3400 precision_3430_xl inspiron_7591_2-in-1 precision_m4600 xps_one_2710 inspiron_5520 inspiron_3593 optiplex_3070 latitude_e5440 vostro_3500 optiplex_3240_all-in-one latitude_5175 vostro_3470 vostro_5481 inspiron_3543 latitude_e6320 xps_13_9343 inspiron_7472 precision_17_m5750 inspiron_14_gaming_7466 latitude_3190_2-in-1 latitude_e7250 vostro_3888 inspiron_15_7572 inspiron_7500_2-in-1_black vostro_230 inspiron_7359 inspiron_3668 precision_t5610 vostro_5501 latitude_e5430 precision_3550 wyse_7040_thin_client latitude_7290 optiplex_7071 vostro_3400 chengming_3977 inspiron_5570 optiplex_9010 vostro_3901 inspiron_3790 inspiron_7368 vostro_5581 inspiron_13_5370 latitude_3480_mobile_thin_client latitude_7390 inspiron_7537 optiplex_9030_aio inspiron_5491_2-in-1 inspiron_7300_2-in-1 vostro_3252 vostro_5390 latitude_rugged_extreme_7424 g15_5510 inspiron_1564 optiplex_5055_a-serial precision_3431_tower precision_t7810 vostro_3010 vostro_3267 latitude_e5420 inspiron_5676 inspiron_7558 latitude_rugged_extreme_tablet_7220 latitude_3190 xps_17_9700 inspiron_5584 optiplex_7760_aio latitude_e6540 inspiron_7500 optiplex_3046 xps_7590 dock_wd19 precision_3520 optiplex_7040 precision_5510 inspiron_7706_2-in-1 latitude_5300_2-in-1 precision_3440 vostro_3583 inspiron_5598 precision_t5600 optiplex_xe3 inspiron_7791 optiplex_fx130 precision_t5500 xps_13_9360 inspiron_5548 latitude_5285 inspiron_5749 vostro_13_5370 precision_t3600 latitude_5511 vostro_15_3561 g3_3500 precision_3630_tower vostro_5401 alienware_14 latitude_5285_2-in-1 latitude_5480 precision_3640 vostro_2521 inspiron_660s latitude_7310 inspiron_5498 latitude_5400 inspiron_7580 g5_5587 inspiron_one_19 precision_5530 latitude_7490 optiplex_7770_aio inspiron_5481_2-in-1 inspiron_5482 latitude_3410 optiplex_9020 xps_9350 vostro_3800 inspiron_5591_2-in-1 latitude_e5270 g3_3579 latitude_e6230 inspiron_3781 inspiron_20-3052 precision_7820_tower vostro_15_7570 vostro_20_3052 inspiron_5583 optiplex_7050 precision_t7610 latitude_3460_wyse_tc latitude_5250 inspiron_7548 vostro_3581 latitude_9510 latitude_rugged_5420 optiplex_7090_ultra latitude_3590 inspiron_3252 precision_r5500 inspiron_7591 precision_3420_tower g7_7790 embedded_box_pc_5000 vostro_5591 vostro_5590 optiplex_5055_ryzen_cpu inspiron_15_gaming_7577 inspiron_7790 vostro_3481 inspiron_24-3452 precision_7720 inspiron_24-3455 inspiron_3646 inspiron_3670 inspiron_15_gaming_7567 optiplex_7070_ultra precision_7510 inspiron_3780 xps_15_9570 vostro_3690 inspiron_14_5468 optiplex_5055_ryzen_apu latitude_e7470 latitude_3150 alienware_m18xr2 precision_3240_cff inspiron_3584 optiplex_7080 vostro_270 precision_t5810 xps_15_9560 optiplex_5055 vostro_3584 inspiron_1122 inspiron_7306_2-in-1 dock_wd15 inspiron_7391 optiplex_7020 inspiron_5490_aio vostro_3905 inspiron_5409 inspiron_15-5559 optiplex_5080 inspiron_5401 precision_5520 precision_m6700 inspiron_3520 latitude_5490 precision_3510 precision_5530_2-in-1 xps_8900 xps_13_9310_2-in-1 precision_t7910 latitude_3500 vostro_3490 precision_7520 optiplex_3020 precision_3560 inspiron_5423 optiplex_3030_aio vostro_1550 vostro_3671 xps_12_9250 inspiron_7590_2-in-1 inspiron_7746 latitude_12_7285 inspiron_5448 vostro_15_5568 latitude_e5470 optiplex_790 precision_3540 latitude_7275 optiplex_7010 latitude_3580 precision_t3500 inspiron_15_gaming_7566 optiplex_990 precision_3430_tower chengming_3980 latitude_rugged_7424 vostro_220s latitude_3470 vostro_5301 latitude_5310_2-in-1 vostro_3070 inspiron_5501 latitude_5200 xps_13_7390_2-in-1 xps_27_7760 latitude_3310_2-in-1 inspiron_5491_aio latitude_7480 inspiron_5400_aio inspiron_5493 inspiron_7437 optiplex_fx170 alienware_asm100r2 latitude_7410 xps_13_9380 inspiron_15-3552 inspiron_3443 inspiron_5509 latitude_5320 precision_5820_xl_tower optiplex_3040 inspiron_3470 latitude_7520 inspiron_5406_2-in-1 optiplex latitude_3380 g7_7700 inspiron_3793 inspiron_5301 inspiron_3891 vostro_3902 inspiron_15-5565 vostro_3900g inspiron_3437 inspiron_5490 inspiron_3583 latitude_9410 latitude_3340 optiplex_7070 inspiron_3542 inspiron_620 inspiron_5391 latitude_e6220 chengming_3990 vostro_15_7580 latitude_3350 precision_5550 inspiron_3421 vostro_3560 inspiron_7380 latitude_5290_2-in-1 latitude_7400 precision_7730 vostro_5890 g3_3779 latitude_7350 inspiron_3048 inspiron_3655 inspiron_3501 inspiron_5537 latitude_3180 latitude_7200_2-in-1 vostro_3669 vostro_3670 vostro_3881 inspiron_3480 latitude_e5530 wyse_5470_all-in-one inspiron_5577 precision_7820_xl_tower inspiron_580s optiplex_7060 latitude_3450 alienware_area_51 latitude_5495 latitude_5488 inspiron_15_7560 inspiron_3521 optiplex_7440_aio inspiron_5390 inspiron_3537 inspiron_5594 vostro_14-5459 inspiron_7506_2-in-1 latitude_3160 inspiron_3656 optiplex_3050 latitude_5501 inspiron_5508 latitude_5580 vostro_260 xps_13_9305 inspiron_7590 xps_13_7390 optiplex_3280_aio inspiron_24-5475 latitude_7370 precision_7920_xl_tower optiplex_5070 optiplex_5270_aio latitude_5450 latitude_5179 optiplex_3011_aio latitude_5510 inspiron_7559 latitude_7390_2-in-1 optiplex_3010 precision_7750 vostro_7590 precision_5720_aio vostro_14_3458 inspiron_14_gaming_7467 latitude_7280 latitude_e6530 vostro_3667 optiplex_3060 inspiron_7720 latitude_3510 vostro_270s inspiron_3147 g5_5590 latitude_3460 inspiron_3590 g7_7588 latitude_3310 latitude_rugged_extreme_tablet_7220ex latitude_7380 vostro_14-3446 vostro_3590 inspiron_5737 inspiron_5580 inspiron_5593 latitude_5411 precision_3930_xl_rack latitude_3330 latitude_e7240 latitude_3440 optiplex_780 inspiron_5543 chengming_3967 inspiron_7700 optiplex_7780_aio vostro_3268 inspiron_7500_2-in-1_silver inspiron_7390 latitude_5491 inspiron_15_5582_2-in-1 vostro_470 vostro_5402 inspiron_7400 latitude_7300 latitude_5591 precision_3551 xps_8700 latitude_7320 precision_t7600 latitude_e7270_wyse_tc dbutil inspiron_5502 latitude_e6430 dbutil dbutil Driver

CWE ID-CWE-782

Exposed IOCTL with Insufficient Access Control

CVE-2021-21545

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.84%

||

7 Day CHG~0.00%

Published-12 Apr, 2021 | 19:50

Updated-16 Sep, 2024 | 17:44

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2025-22480

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.07% / 20.12%

||

7 Day CHG~0.00%

Published-13 Feb, 2025 | 16:04

Updated-24 Sep, 2025 | 14:45

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Vendor-Dell Inc.

Product-supportassist_os_recovery Dell SupportAssist OS Recovery

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE ID-CWE-61

UNIX Symbolic Link (Symlink) Following

CVE-2021-21601

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.04% / 11.35%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-17 Sep, 2024 | 03:02

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_integrated_data_protection_appliance emc_data_protection_search Data Protection Search

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21567

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.04%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-16 Sep, 2024 | 22:56

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2022-32487

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs