Severity
High
Analysis Summary
CVE-2023-25940 CVSS:6.7
Dell EMC PowerScale OneFS could allow a local authenticated attacker to bypass security restrictions, caused by improper link resolution before file access in isi_gather_info. An attacker could exploit this vulnerability to take over the system and break compliance mode guarantees.
CVE-2023-25941 CVSS:7.8
Dell EMC PowerScale OneFS could allow a local authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to gain elevated privileges on the system and break the compliance mode guarantee, or cause a denial of service or obtain sensitive information.
CVE-2023-25942 CVSS:6.5
Dell EMC PowerScale OneFS is vulnerable to a denial of service, caused by uncontrolled resource consumption. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-25940
- CVE-2023-25941
- CVE-2023-25942
Affected Vendors
Dell
Affected Products
- Dell PowerScale OneFS 9.5.0.0
- Dell PowerScale OneFS 9.1.0.19
- Dell PowerScale OneFS 9.1.0.25
- Dell PowerScale OneFS 9.2.1.12
- Dell PowerScale OneFS 9.2.1.13
- Dell PowerScale OneFS 9.2.1.18
- Dell PowerScale OneFS 9.3.0.6
- Dell PowerScale OneFS 9.4.0.0
- Dell PowerScale OneFS 9.4.0.11
- Dell PowerScale OneFS 9.4.0.3
Remediation
Refer to Dell DSA Identifier for patch, upgrade or suggested workaround information.