High
Third-Party Component | CVEs | More information |
---|---|---|
Python | CVE-2022-48566 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Python | CVE-2022-48560, CVE-2023-41105, CVE-2022-48564, CVE-2023-40217, CVE-2022-45061 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
GNU Screen | CVE-2023-24626, CVE-2015-6806, CVE-2009-1214, CVE-2009-1215 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Curl | CVE-2023-38545, CVE-2023-38546 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
OpenSSL | CVE-2023-3446 | https://nvd.nist.gov/vuln/detail/CVE-2023-3446 |
python-certifi | CVE-2023-37920 | https://nvd.nist.gov/vuln/detail/CVE-2023-37920 |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-22449 | Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contain a missing authentication for critical function vulnerability. A low-privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
CVE-2024-22430 | Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contain an incorrect default permissions vulnerability. A low-privileged local malicious user could potentially exploit this vulnerability, leading to denial of service. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVEs Addressed | Product | Affected Version | Remediated Version | Link |
---|---|---|---|---|
CVE-2023-24626, CVE-2015-6806, CVE-2009-1214, CVE-2009-1215, CVE-2024-22430, CVE-2023-3446, CVE-2023-37920 | PowerScale OneFS | Versions 8.2.0 through 8.2.2 | Version 9.5.0.7 or later | PowerScale OneFS Downloads Area |
CVE-2024-22449, CVE-2024-22430, CVE-2023-38545, CVE-2023-38546, CVE-2023-3446, CVE-2023-24626, CVE-2015-6806, CVE-2009-1215, CVE-2009-1214 | PowerScale OneFS | Versions 9.0.0.0 through 9.4.0.0 | Version 9.5.0.7 or later | PowerScale OneFS Downloads Area |
CVE-2024-22449, CVE-2024-22430, CVE-2023-41105, CVE-2023-40217, CVE-2023-38546, CVE-2023-38545, CVE-2023-3446, CVE-2023-24626, CVE-2023-37920, CVE-2022-48566, CVE-2022-48564, CVE-2022-48560, CVE-2015-6806, CVE-2009-1215, CVE-2009-1214, CVE-2022-45061 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.0.6 | Version 9.5.0.7 or later, Version 9.7.0.0 or later | PowerScale OneFS Downloads Area |
CVE-2024-22449, CVE-2024-22430, CVE-2023-41105, CVE-2023-40217, CVE-2023-38546, CVE-2023-38545, CVE-2023-3446, CVE-2023-24626, CVE-2023-37920, CVE-2022-48566, CVE-2022-48564, CVE-2022-48560, CVE-2015-6806, CVE-2009-1215, CVE-2009-1214 | PowerScale OneFS | Version 9.6.1.0 | Version 9.7.0.0 or later | PowerScale OneFS Downloads Area |
CVE | Workaround and Mitigation |
---|---|
CVE-2024-22430 | This vulnerability only applies when customers have granted ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to users. It can be mitigated on newer versions of PowerScale OneFS (9.5 or later) by enabling the restricted shell for those users. More information on the restricted shell: OneFS Restricted Shell (Dell Technologies Info Hub). The following workaround applies only to a cluster that is not in compliance mode. If there are users for whom the restricted shell is not enabled, the root user should restrict the permissions of isi_upgrade_force and isi_upgrade_message on every node: `# chmod 500 /usr/sbin/isi_upgrade_force` and `# chmod 500 /usr/sbin/isi_upgrade_message`. Or run the following on any one node: `# isi_for_array chmod 500 /usr/sbin/isi_upgrade_force` and `# isi_for_array chmod 500 /usr/sbin/isi_upgrade_message`. |
CVE-2024-22449 | This vulnerability only applies when customers have granted ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to users. It can be mitigated on newer versions of PowerScale OneFS (9.5 or later) by enabling the restricted shell for those users. More information on the restricted shell: OneFS Restricted Shell (Dell Technologies Info Hub). |
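A verification script for the CVE-2024-22430 workaround above, added here as an example and not part of Dell's advisory: it reports whether the two binaries the advisory names carry exactly mode 500 on the local node, so the check can be run per node or wrapped in isi_for_array. The `--check` flag, the function names and the default path list are this example's own assumptions.

```shell
#!/bin/sh
# Audits the CVE-2024-22430 workaround: both upgrade helpers should be
# mode 500 (r-x------) so that only root can read or execute them.
# Added example, not Dell's code; the paths are those the advisory names.

MITIGATED_BINARIES="/usr/sbin/isi_upgrade_force /usr/sbin/isi_upgrade_message"
EXPECTED_MODE="-r-x------"

# Prints the 10-character permission string of a path (e.g. "-r-x------").
# Trailing ACL/SELinux markers such as '+' or '.' are cut off; returns 1 if
# the path does not exist.
perm_string() {
    [ -e "$1" ] || return 1
    ls -ld -- "$1" | cut -c1-10
}

# Returns 0 when the path exists with exactly mode 500, 1 otherwise.
is_mitigated() {
    mode=$(perm_string "$1") || return 1
    [ "$mode" = "$EXPECTED_MODE" ]
}

# Checks every path given as an argument (default: the two advisory binaries)
# and prints one line per file. Returns 0 only when all are locked down.
check_all() {
    rc=0
    for f in ${*:-$MITIGATED_BINARIES}; do
        if is_mitigated "$f"; then
            echo "OK       $f ($(perm_string "$f"))"
        else
            echo "EXPOSED  $f (found: $(perm_string "$f" || echo missing), want: $EXPECTED_MODE)"
            rc=1
        fi
    done
    return $rc
}

# Invoke with --check to audit the local node; the exit status is 0 only when
# every listed binary has mode 500, so it can gate a cron job or a fleet run.
if [ "${1:-}" = "--check" ]; then
    check_all
fi
```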
Revision | Date | Description |
---|---|---|
1.0 | 2024-02-01 | Initial Release |