CVE-2023-32492 — Incorrect Default Permissions in Dell Powerscale Onefs

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.1HIGHNVD

CNA5.3

EPSS

0.0%

top 90.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerscale Onefs

Timeline

PublishedAug 16

Description

Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDdell/powerscale_onefs9.2.1.0 — 9.2.1.22+2

▶CVEListV5dell/powerscale_onefsVersion 9.5.0.0 through 9.5.0.3

🔴Vulnerability Details

CVEList

CVE-2023-32492: Dell PowerScale OneFS 9↗2023-08-16

▶

GHSA

GHSA-g8r4-3c55-hq3m: Dell PowerScale OneFS 9↗2023-08-16

▶