DSA-2023-277: Security Update for Dell PowerScale OneFS for Improper Privilege Management Vulnerability

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell PowerScale OneFS remediation is available for improper privilege management vulnerability that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

High

Details

Proprietary Code CVE	Description	CVSS Base Score	CVSS Vector String
CVE-2023-32457	Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVE	Description	CVSS Base Score	CVSS Vector String
CVE-2023-32457	Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVE Addressed	Product	Affected Versions	Remediated Versions	Link
CVE-2023-32457	PowerScale OneFS	Version 9.2.1.0 through 9.2.1.22	Version 9.2.1.23 or later, Version 9.4.0.14 or later, Version 9.5.0.5 or later	https://www.dell.com/support/home/product-support/product/isilon-onefs/drivers
CVE-2023-32457	PowerScale OneFS	Version 9.4.0.0 through 9.4.0.13	Version 9.4.0.14 or later, Version 9.5.0.5 or later	https://www.dell.com/support/home/product-support/product/isilon-onefs/drivers
CVE-2023-32457	PowerScale OneFS	Version 9.5.0.0 through 9.5.0.3	Version 9.5.0.5 or later	https://www.dell.com/support/home/product-support/product/isilon-onefs/drivers

CVE Addressed	Product	Affected Versions	Remediated Versions	Link
CVE-2023-32457	PowerScale OneFS	Version 9.2.1.0 through 9.2.1.22	Version 9.2.1.23 or later, Version 9.4.0.14 or later, Version 9.5.0.5 or later	https://www.dell.com/support/home/product-support/product/isilon-onefs/drivers
CVE-2023-32457	PowerScale OneFS	Version 9.4.0.0 through 9.4.0.13	Version 9.4.0.14 or later, Version 9.5.0.5 or later	https://www.dell.com/support/home/product-support/product/isilon-onefs/drivers
CVE-2023-32457	PowerScale OneFS	Version 9.5.0.0 through 9.5.0.3	Version 9.5.0.5 or later	https://www.dell.com/support/home/product-support/product/isilon-onefs/drivers

Any version not listed in the Affected Products and Remediation section should upgrade PowerScale OneFS to a version 9.5.0.5 or later.

We encourage all customers to adopt the LTS 2023 version which is 9.5.x code line, with the latest maintenance RUP 9.5.0.5. For more information on LTS (Long Term Support) code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary

Workarounds & Mitigations

CVE	Workarounds
CVE-2023-32457	This vulnerability can be mitigated by performing following steps: Check/remove membership from any roles when deleting user or group from local provider until upgrade to fixed version. Review all roles members for non-existent/unintended user or group for correction. Following command will provide the lists of roles and users membership: for zone in $(isi zone zones list -az \| awk ' { print $1 } ') ; do for role in $(isi auth roles list -az --zone $zone \| awk ' { print $1 } '); do echo "Zone: $zone\tRole: $role" ; isi auth roles members list $role -v --zone $zone \| grep -v -- --; echo; done; done In addition to upgrading your version of OneFS or downloading and installing the latest RUP, please perform step 2 to remove any past mis-mapping.

CVE

Workarounds

CVE-2023-32457

This vulnerability can be mitigated by performing following steps:

Check/remove membership from any roles when deleting user or group from local provider until upgrade to fixed version.
Review all roles members for non-existent/unintended user or group for correction. Following command will provide the lists of roles and users membership:

for zone in $(isi zone zones list -az | awk ' { print $1 } ') ; do for role in $(isi auth roles list -az --zone $zone | awk ' { print $1 } '); do echo "Zone: $zone\tRole: $role" ; isi auth roles members list $role -v --zone $zone | grep -v -- --; echo; done; done

In addition to upgrading your version of OneFS or downloading and installing the latest RUP, please perform step 2 to remove any past mis-mapping.

Revision History

Revision	Date	Description
1.0	2023-08-29	Initial Release

Related Information

Legal Disclaimer

Affected Products

PowerScale OneFS

Article Number: 000216916

Article Type: Dell Security Advisory

Last Modified: 19 Sep 2025

Check if your device is covered by Support Services.

DSA-2023-277: Security Update for Dell PowerScale OneFS for Improper Privilege Management Vulnerability

Summary: Dell PowerScale OneFS remediation is available for improper privilege management vulnerability that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services