Critical
Third-Party Component | CVEs | More information |
---|---|---|
FreeBSD C library (libc) | CVE-2023-5941 | https://nvd.nist.gov/vuln/detail/CVE-2023-5941 |
PCRE | CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
follow-redirects | CVE-2023-26159 | https://nvd.nist.gov/vuln/detail/CVE-2023-26159 |
OpenSSH | CVE-2023-48795, CVE-2023-51385, CVE-2023-51384 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-25959 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. | 7.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
CVE-2024-25960 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2024-25961 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-25952 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-25953 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-25963 | Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVE-2024-25954 | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-25959 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. | 7.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
CVE-2024-25960 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2024-25961 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-25952 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-25953 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-25963 | Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVE-2024-25954 | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-5941, CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25963 | PowerScale OneFS | Version 8.2.2 through 9.3.0.0 | Version 9.5.0.8 or later | PowerScale OneFS Downloads Area |
CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25953, CVE-2024-25963 | PowerScale OneFS | Version 9.4.0.0 through 9.4.0.16 | Version 9.5.0.8 or later | PowerScale OneFS Downloads Area |
CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2023-5941, CVE-2024-25960, CVE-2024-25959 | PowerScale OneFS | Version 9.4.0.0 through 9.4.0.16 | Version 9.4.0.17 or later | PowerScale OneFS Downloads Area |
CVE-2023-5941, CVE-2024-25959, CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25954, CVE-2024-25963 | PowerScale OneFS | Version 9.5.0.0 through 9.5.0.7 | Version 9.5.0.8 or later | PowerScale OneFS Downloads Area |
CVE-2023-5941, CVE-2024-25959, CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25954, CVE-2024-25963 | PowerScale OneFS | Version 9.6.1.0 through 9.7.0.0 | Version 9.7.0.2 or later | PowerScale OneFS Downloads Area |
CVE-2024-25959, CVE-2024-25960, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953, CVE-2024-25954 | PowerScale OneFS | Version 9.7.0.0 through 9.7.0.1 | Version 9.7.0.2 or later | PowerScale OneFS Downloads Area |
CVE-2023-26159, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384 | PowerScale OneFS | Version 9.7.0.0 through 9.7.0.2 | Version 9.7.0.3 or later | PowerScale OneFS Downloads Area |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-5941, CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25963 | PowerScale OneFS | Version 8.2.2 through 9.3.0.0 | Version 9.5.0.8 or later | PowerScale OneFS Downloads Area |
CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25953, CVE-2024-25963 | PowerScale OneFS | Version 9.4.0.0 through 9.4.0.16 | Version 9.5.0.8 or later | PowerScale OneFS Downloads Area |
CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2023-5941, CVE-2024-25960, CVE-2024-25959 | PowerScale OneFS | Version 9.4.0.0 through 9.4.0.16 | Version 9.4.0.17 or later | PowerScale OneFS Downloads Area |
CVE-2023-5941, CVE-2024-25959, CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25954, CVE-2024-25963 | PowerScale OneFS | Version 9.5.0.0 through 9.5.0.7 | Version 9.5.0.8 or later | PowerScale OneFS Downloads Area |
CVE-2023-5941, CVE-2024-25959, CVE-2017-7246, CVE-2017-11164, CVE-2017-7244, CVE-2020-14155, CVE-2024-25960, CVE-2023-26159, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384, CVE-2024-25954, CVE-2024-25963 | PowerScale OneFS | Version 9.6.1.0 through 9.7.0.0 | Version 9.7.0.2 or later | PowerScale OneFS Downloads Area |
CVE-2024-25959, CVE-2024-25960, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953, CVE-2024-25954 | PowerScale OneFS | Version 9.7.0.0 through 9.7.0.1 | Version 9.7.0.2 or later | PowerScale OneFS Downloads Area |
CVE-2023-26159, CVE-2023-48795, CVE-2023-51385, CVE-2023-51384 | PowerScale OneFS | Version 9.7.0.0 through 9.7.0.2 | Version 9.7.0.3 or later | PowerScale OneFS Downloads Area |
CVEs | Workaround and Mitigation |
---|---|
CVE-2024-25960, CVE-2024-25961, CVE-2024-25952, CVE-2024-25953 | This vulnerability only applies when customers are given ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to users. Mitigations: This vulnerability can be mitigated on new version of PowerScale OneFS i.e. 9.5 or later by enabling the restricted shell for users. More information regarding restricted shell can be found at: OneFS Restricted Shell | Dell Technologies Info Hub |
CVE-2023-48795 | This vulnerability can be mitigated by removing the chacha20-poly1305@openssh.com from isi ssh settings modify --ciphers=aes192-ctr,aes256-ctr,aes256-gcm@openssh.com |
Revision | Date | Description |
---|---|---|
1.0 | 2024-03-28 | Initial Release |
2.0 | 2024-04-29 | Updated for enhanced presentation with no changes to content |
3.0 | 2024-04-29 | Updated for enhanced presentation with no changes to content |
4.0 | 2024-04-29 | Updated CVE Identifier, Third Party Components, and Affected Products and Remediation sections: Added CVE-2023-51384 and CVE-2023-51385; Added Workaround details for CVE-2023-48795 |
5.0 | 2024-06-06 | Updated Affected Products and Remediation section: Remediated Version 9.7.0.3 or later |
6.0 | 2024-10-03 | Updated for enhanced presentation with no changes to content |
7.0 | 2024-10-03 | Updated for enhanced presentation with no changes to content |