CVE-2023-23689 — Uncontrolled Resource Consumption in Dell Powerscale Onefs

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.5%

top 32.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerscale Onefs Dell A2000 Firmware Dell A200 Firmware +6 more

Timeline

PublishedFeb 28

Description

Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDdell/a2000_firmware7 versions+6

▶CVEListV5dell/powerscale_onefs9.5.0.x, 9.4.0.x, 9.3.0.x, 9.2.1.x, 9.2.0.x, 9.1.0.x, 9.0.0.x

▶NVDdell/a200_firmware7 versions+6

▶NVDdell/f800_firmware7 versions+6

▶NVDdell/f810_firmware7 versions+6

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-8rq7-6h4w-w3xv: Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consu↗2023-02-28

▶

CVEList

CVE-2023-23689: Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consu↗2023-02-28

▶