CVE-2023-25540

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 77.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell EMC Powerscale OnefsDell Powerscale Onefs
Timeline
PublishedFeb 28

Description

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

NVDdell/emc_powerscale_onefs9.4.0.09.4.0.11
CVEListV5dell/powerscale_onefs9.4.0.0 through 9.4.0.11

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

2
CVEList
CVE-2023-25540: Dell PowerScale OneFS 92023-02-28
GHSA
GHSA-gccc-7hmg-c996: Dell PowerScale OneFS 92023-02-28
CVE-2023-25540 (HIGH CVSS 7.1) | Dell PowerScale OneFS 9.4.0.x conta | cvebase.io