CVE-2024-22449Missing Authentication for Critical Function in Dell Powerscale Onefs

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
7.8HIGHNVD
CNA6.6
EPSS
0.0%
top 91.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedFeb 1

Description

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDdell/powerscale_onefs9.0.09.6.1
CVEListV5dell/powerscale_onefs9.0.0.09.4.0.0+2

🔴Vulnerability Details

2
CVEList
CVE-2024-22449: Dell PowerScale OneFS versions 92024-02-01
GHSA
GHSA-r6xh-8x5q-w7v7: Dell PowerScale OneFS versions 92024-02-01
CVE-2024-22449 — Dell Powerscale Onefs vulnerability | cvebase