CVE-2024-53298Missing Authorization in Dell Powerscale Onefs

CWE-862Missing Authorization3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedJun 20

Description

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5dell/powerscale_onefs9.5.0.09.10.0.1
NVDdell/powerscale_onefs9.5.0.09.10.0.1

🔴Vulnerability Details

2
GHSA
GHSA-62jj-qrvc-crv5: Dell PowerScale OneFS, versions 92025-06-20
CVEList
CVE-2024-53298: Dell PowerScale OneFS, versions 92025-06-20
CVE-2024-53298 — Missing Authorization in Dell | cvebase