Dell Unity: Is Unity affected to CVE-2023-51385 Vulnerability (User Correctable)
Summary: This article details the susceptibility of Dell Unity products to the vulnerability detailed in CVE-2023-51385 Vulnerability.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
OS command injection might occur if a username or hostname has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a username or hostname.
Cause
CVE-2023-51385: https://nvd.nist.gov/vuln/detail/CVE-2023-51385
Resolution
In the Kestrel release which is Unity OE version 5.5, openssh is already of version 8.4p1-150300.3.30.1 which has the fix of CVE-2023-51385. Hence, the Fix is to upgrade the Unity OE version 5.5.
Additional Information
From the SUSE website:
https://www.suse.com/security/cve/CVE-2023-51385.html
SUSE Linux Enterprise Server 15 Affected
Affected Products
Dell EMC Unity, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud EditionArticle Properties
Article Number: 000254326
Article Type: Solution
Last Modified: 17 Oct 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.