Severity
Medium
Analysis Summary
CVE-2024-25966 CVSS:5.3
Dell PowerScale OneFS is vulnerable to a denial of service, caused by an improper handling of unexpected data type vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-25970 CVSS:6.5
Dell PowerScale OneFS could provide weaker than expected security, caused by an improper input validation vulnerability. A remote authenticated attacker could exploit this vulnerability to cause a loss of integrity.
CVE-2024-25969 CVSS:6.2
Dell PowerScale OneFS is vulnerable to a denial of service, caused by an allocation of resources without limits or throttling vulnerability. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-25965 CVSS:6.1
Dell PowerScale OneFS is vulnerable to a denial of service, caused by an external control of file name or path vulnerability. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-25967 CVSS:6.7
Dell PowerScale OneFS could allow a local authenticated attacker to gain elevated privileges on the system, caused by an execution with unnecessary privileges vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-25968 CVSS:5.9
Dell PowerScale OneFS could allow a remote attacker to obtain sensitive information, caused by a use of a broken or risky cryptographic algorithm vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Denial of Service
- Gain Access
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-25966
- CVE-2024-25970
- CVE-2024-25969
- CVE-2024-25965
- CVE-2024-25967
- CVE-2024-25968
Affected Vendors
Affected Products
- Dell PowerScale OneFS 9.7.0.1
- Dell PowerScale OneFS 9.7.0.2
Remediation
Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.