CNNVD-202510-906 Information
CNNVD ID
CNNVD-202510-906
Related CVE
- CNNVD Published: 2025-10-07
Description (Chinese)
Dell PowerProtect Data Domain(Dell PowerProtect DD)是美国戴尔(Dell)公司的一套用于数据保护、备份、存储和重复数据消除的硬件设备。 Dell PowerProtect Data Domain存在操作系统命令注入漏洞,该漏洞源于操作系统命令中特殊元素中和不当,可能导致本地高权限攻击者执行任意命令。以下版本受到影响:7.7.1.0版本至8.3.0.15版本、LTS2025 8.3.1.0版本、LTS2024 7.13.1.0版本至7.13.1.30版本和LTS 2023 7.10.1.0版本至7.10.1.60版本。
Description (English)
Dell PowerProtec Data Domain (Dell PowerProtec DD) is a set of hardware equipment for data protection, backup, storage and duplicate data elimination from Dell, United States. Dell PowerProtec Data Domain has a loophole in the operating system commands, which stems from the incompetence of special elements in the operating system commands, which may lead to the execution of arbitrary orders by local high-authority attackers. The following versions were affected: 7.7.1.0 to 8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0 to 7.1.13.30 and LTS 2023 7.10.0 to 7.10.1.60.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
戴尔
Published
2025-10-07
Last Modified
2026-02-24