CVE-2024-24901Insufficient Logging in Dell Powerscale Onefs

CWE-778Insufficient Logging3 documents3 sources
Severity
2.3LOWNVD
CNA3.0
EPSS
0.0%
top 89.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedMar 4

Description

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages2 packages

NVDdell/powerscale_onefs8.2.09.2.1.25+3
CVEListV5dell/powerscale_onefs8.2.09.2.1.24+3

🔴Vulnerability Details

2
CVEList
CVE-2024-24901: Dell PowerScale OneFS 82024-03-04
GHSA
GHSA-6jqg-q6mq-24mg: Dell PowerScale OneFS 82024-03-04
CVE-2024-24901 — Insufficient Logging in Dell | cvebase