
Multiple Dell PowerScale OneFS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-25966 CVSS:5.3

Dell PowerScale OneFS is vulnerable to a denial of service, caused by an improper handling of unexpected data type vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-25970 CVSS:6.5

Dell PowerScale OneFS could provide weaker than expected security, caused by an improper input validation vulnerability. A remote authenticated attacker could exploit this vulnerability to cause a loss of integrity.

CVE-2024-25969 CVSS:6.2

Dell PowerScale OneFS is vulnerable to a denial of service, caused by an allocation of resources without limits or throttling vulnerability. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-25965 CVSS:6.1

Dell PowerScale OneFS is vulnerable to a denial of service, caused by an external control of file name or path vulnerability. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-25967 CVSS:6.7

Dell PowerScale OneFS could allow a local authenticated attacker to gain elevated privileges on the system, caused by an execution with unnecessary privileges vulnerability. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to escalate privileges.

CVE-2024-25968 CVSS:5.9

Dell PowerScale OneFS could allow a remote attacker to obtain sensitive information, caused by the use of a broken or risky cryptographic algorithm. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Denial of Service
  • Gain Access
  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-25966
  • CVE-2024-25970
  • CVE-2024-25969
  • CVE-2024-25965
  • CVE-2024-25967
  • CVE-2024-25968

Affected Vendors

Dell

Affected Products

  • Dell PowerScale OneFS 9.7.0.1
  • Dell PowerScale OneFS 9.7.0.2

Remediation

Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.

Dell Security Advisory
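As an added example (not part of the Rewterz advisory or any Dell tooling), the following script shows how a defender could triage a fleet of OneFS nodes against the two affected versions listed above. It assumes that each node's version banner has already been collected (the `isi version` banner format used in the constructed samples is an assumption, as is the regular expression that parses it); nodes whose version is not on the list are reported as "not-listed" rather than "not affected", since the vendor advisory remains the authority on fixed releases.

```python
import re
from typing import Optional

# Versions named as affected in the advisory above.
AFFECTED_VERSIONS = {(9, 7, 0, 1), (9, 7, 0, 2)}

# Assumed shape of the release string inside an `isi version` banner,
# e.g. "Isilon OneFS v9.7.0.1 ..."; the exact vendor format is not taken
# from the advisory and may differ on real clusters.
_VERSION_RE = re.compile(r"OneFS\s+v?(\d+(?:\.\d+){1,3})")


def parse_onefs_version(banner: str) -> Optional[tuple]:
    """Return the release as a 4-tuple of ints, or None if no version is found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 4:
        parts.append(0)  # normalise short forms such as "9.7" -> (9, 7, 0, 0)
    return tuple(parts)


def is_affected(version: tuple) -> bool:
    """True only for versions explicitly listed as affected in the advisory."""
    return version in AFFECTED_VERSIONS


def triage(banners: dict) -> dict:
    """Map node name -> 'affected' | 'not-listed' | 'unknown'.

    'unknown' flags nodes whose banner could not be parsed so that they are
    investigated by hand instead of silently passing.
    """
    result = {}
    for node, banner in banners.items():
        version = parse_onefs_version(banner)
        if version is None:
            result[node] = "unknown"
        elif is_affected(version):
            result[node] = "affected"
        else:
            result[node] = "not-listed"
    return result


# Constructed sample banners for four nodes (not output from a real cluster).
SAMPLE_BANNERS = {
    "node-1": "Isilon OneFS v9.7.0.1 B_9_7_0_1(RELEASE)",
    "node-2": "Isilon OneFS v9.7.0.2 B_9_7_0_2(RELEASE)",
    "node-3": "Isilon OneFS v9.5.0.8 B_9_5_0_8(RELEASE)",
    "node-4": "connection refused",
}

if __name__ == "__main__":
    for node, status in triage(SAMPLE_BANNERS).items():
        print(f"{node}: {status}")
```

Running the script prints one status line per node; feeding it real banners collected from each node lets the "affected" and "unknown" entries be prioritised for patching or manual review.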