DSA-2024-480: Security Update for Dell PowerScale OneFS Security Vulnerability
Summary: Dell PowerScale OneFS remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-48833 | Dell PowerScale OneFS 9.4.0.x to 9.9.0.x contains an improper neutralization of special elements used in a Command ('Command Injection') vulnerability. A local low privilege attacker could potentially exploit this vulnerability, leading to system takeover. | 7.8 | |
| CVE-2024-47239 | Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | 6.5 | |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-48833, CVE-2024-47239 | PowerScale OneFS | Version 8.2.2.x through 9.7.1.2 | Version 9.7.1.3 or later | |
| CVE-2024-48833, CVE-2024-47239 | PowerScale OneFS | Version 9.4.0.0 through 9.4.0.19 | Version 9.4.0.20 or later | |
| CVE-2024-48833, CVE-2024-47239 | PowerScale OneFS | Version 9.5.0.0 through 9.5.1.1 | Version 9.5.1.2 or later | |
| CVE-2024-48833, CVE-2024-47239 | PowerScale OneFS | Version 9.8.0.0 through 9.9.0.0 | Version 9.9.0.1 or later | |
- We encourage all customers to adopt the 2024 Long Term Support (LTS) release, the 9.7.x code line, at its latest maintenance release, 9.7.1.3.
- For more information on LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.
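The remediation table above lists a broad 8.2.2.x through 9.7.1.2 range alongside narrower per-code-line rows (9.4.0.x, 9.5.x, 9.8/9.9), so deciding which maintenance release a given cluster needs takes a little care. The following Python is an added example, not Dell's tooling or part of this advisory: it encodes the table exactly as published, treats a release at or past the fix on its own code line as remediated, and otherwise picks the narrowest matching row as the upgrade target. The `extract_version` helper assumes the `isi version` output contains the text `OneFS v<version>`; that format is an assumption, and the sample output line below is constructed for the example.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn a dotted OneFS version into a comparable tuple.

    The advisory uses 'x' as a wildcard (e.g. '8.2.2.x'); it is treated as 0 so
    the wildcard form becomes the lowest release on that line. Versions are
    padded to four fields so '9.7' and '9.7.0.0' compare equal.
    """
    fields = [0 if p.lower() == "x" else int(p) for p in text.strip().split(".")]
    return tuple(fields + [0] * (4 - len(fields)))


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


class Row(NamedTuple):
    low: Version    # first affected release (inclusive)
    high: Version   # last affected release (inclusive)
    fixed: Version  # first remediated release


# Remediation table from DSA-2024-480; both CVEs share the same rows.
ADVISORY_ROWS: List[Row] = [
    Row(parse_version("8.2.2.x"), parse_version("9.7.1.2"), parse_version("9.7.1.3")),
    Row(parse_version("9.4.0.0"), parse_version("9.4.0.19"), parse_version("9.4.0.20")),
    Row(parse_version("9.5.0.0"), parse_version("9.5.1.1"), parse_version("9.5.1.2")),
    Row(parse_version("9.8.0.0"), parse_version("9.9.0.0"), parse_version("9.9.0.1")),
]


def same_code_line(a: Version, b: Version) -> bool:
    """Two releases are on the same code line when major.minor match."""
    return a[:2] == b[:2]


def assess(version_text: str) -> Dict[str, Optional[str]]:
    """Classify an installed OneFS version against the advisory table.

    Returns status 'remediated', 'affected' (with the upgrade target) or
    'not listed' (outside every published range, e.g. a newer code line).
    """
    v = parse_version(version_text)
    # A release at or beyond the fix on its own code line already carries the fix,
    # even though the broad 8.2.2.x-9.7.1.2 row would otherwise still match it.
    for row in ADVISORY_ROWS:
        if same_code_line(v, row.fixed) and v >= row.fixed:
            return {"version": version_text, "status": "remediated", "upgrade_to": None}
    matches = [r for r in ADVISORY_ROWS if r.low <= v <= r.high]
    if not matches:
        return {"version": version_text, "status": "not listed", "upgrade_to": None}
    # Prefer the narrowest row (highest lower bound) so a 9.4.0.x cluster is sent
    # to 9.4.0.20 rather than to the 9.7.1.3 target of the broad row.
    best = max(matches, key=lambda r: r.low)
    return {"version": version_text, "status": "affected", "upgrade_to": fmt(best.fixed)}


# Assumed output shape of `isi version` (constructed for this example).
_ISI_VERSION_RE = re.compile(r"OneFS v(\d+(?:\.\d+)+)")


def extract_version(isi_version_output: str) -> Optional[str]:
    """Pull the dotted version out of `isi version` output; None if not found."""
    m = _ISI_VERSION_RE.search(isi_version_output)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample line standing in for real `isi version` output.
    sample = "Isilon OneFS v9.4.0.12 B_9_4_0_12(RELEASE): 0x904000C00000000A"
    installed = extract_version(sample)
    print(assess(installed))  # status: affected, upgrade_to: 9.4.0.20
```

On a real cluster, feed `assess` the string returned by `extract_version` over the actual `isi version` output, and confirm the target against the advisory table before scheduling the upgrade; a status of `not listed` means the release sits outside every published range and should be checked by hand rather than assumed safe.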
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-01-07 | Initial Release |
| 2.0 | 2025-01-16 | Updated DSA to include CVE-2024-48833 remediation details |