CNNVD-202509-3952 Information

CNNVD ID

CNNVD-202509-3952

Related CVE

CVE-2025-43943

• CNNVD Published: 2025-09-25

Description (Chinese)

Dell Cloud Disaster Recovery是美国戴尔（Dell）公司的一款灾难恢复工具。 Dell Cloud Disaster Recovery 19.20之前版本存在操作系统命令注入漏洞，该漏洞源于对OS命令中特殊元素中和不当，可能导致本地高权限攻击者执行任意命令。

Description (English)

Dell Cloud Disaster Recovery is a disaster recovery tool for Dell Corporation in the United States. There was a loophole in the operating system order from the previous version of Dell Cloud Disaster Recovery 19.20, which stemmed from the misalignment of special elements in the OS order and could lead to arbitrary orders being carried out by local high-authority attackers.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

DEK

Published

2025-09-25

Last Modified

2026-02-24

References

https://www.dell.com/support/kbdoc/en-us/000372457/dsa-2025-354-security-update-for-dell-cloud-disaster-recovery-rce-vulnerability

Patch

https://www.dell.com/support/kbdoc/en-us/000372457/dsa-2025-354-security-update-for-dell-cloud-disaster-recovery-rce-vulnerability