DSA-2024-346: Security Update for Dell PowerScale OneFS for Multiple Vulnerabilities

요약: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

이 문서는 다음에 적용됩니다. 이 문서는 다음에 적용되지 않습니다. 이 문서는 특정 제품과 관련이 없습니다. 모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.

영향

High

세부 정보

Third-party Component CVEs More Information
Apache HTTP Server CVE-2023-38709, CVE-2024-24795 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-46218, CVE-2023-46219 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
iPerf3 CVE-2023-7250 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libexpat CVE-2024-28757, CVE-2023-52425, CVE-2023-52426 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
pyca/cryptography CVE-2023-49083 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-6597, CVE-2024-0450 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2024-6387 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kerberos CVE-2025-71277 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-39579 Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-39578 Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-39579 Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-39578 Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies는 모든 고객이 CVSS 기본 점수와 관련 임시 및 환경 점수를 모두 고려할 것을 권장합니다. 이 경우 특정 보안 취약성과 관련된 잠재적인 심각도에 영향을 미칠 수 있습니다.

영향을 받는 제품 및 문제 해결

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-49083 PowerScale OneFS Versions 8.2.2.0 through 9.4.0.18 Version 9.4.0.19 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Version 8.2.2.0 through 9.5.0.8 Version 9.5.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387 PowerScale OneFS Versions 9.1.0.0 through 9.5.1.0 Version 9.5.1.1 or later PowerScale OneFS Downloads Area
CVE-2024-6387 PowerScale OneFS Versions 9.6.0.0 through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-6597, CVE-2024-0450 PowerScale OneFS Versions 9.5.0.0 through 9.5.0.8 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250, CVE-2025-71277  PowerScale OneFS Versions 8.2.2.0 through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Versions 9.8.0.0 Version 9.9.0.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387, CVE-2023-38709, CVE-2024-24795, CVE-2025-71277  PowerScale OneFS Versions 9.8.0.0 through 9.8.0.1 Version 9.9.0.0 or later PowerScale OneFS Downloads Area

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-49083 PowerScale OneFS Versions 8.2.2.0 through 9.4.0.18 Version 9.4.0.19 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Version 8.2.2.0 through 9.5.0.8 Version 9.5.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387 PowerScale OneFS Versions 9.1.0.0 through 9.5.1.0 Version 9.5.1.1 or later PowerScale OneFS Downloads Area
CVE-2024-6387 PowerScale OneFS Versions 9.6.0.0 through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-6597, CVE-2024-0450 PowerScale OneFS Versions 9.5.0.0 through 9.5.0.8 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250, CVE-2025-71277  PowerScale OneFS Versions 8.2.2.0 through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Versions 9.8.0.0 Version 9.9.0.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387, CVE-2023-38709, CVE-2024-24795, CVE-2025-71277  PowerScale OneFS Versions 9.8.0.0 through 9.8.0.1 Version 9.9.0.0 or later PowerScale OneFS Downloads Area

 

Note:
  1. Any version not listed in the Affected Products and Remediation section should upgrade PowerScale OneFS to a version 9.7.1.2 or later.
  2. We encourage all customers to adopt the LTS 2024 version which is 9.7.x code line, with the latest maintenance MR.
  3. In PowerScale OneFS 9.7.1.2, 9.5.1.1, 9.9.0.0 and later versions, fix for CVE-2024-6387 is ported in existing version of OpenSSH which is OpenSSH_9.3p2 version.
  4. For more information on LTS (Long Term Support) code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.

개정 내역

RevisionDateDescription
1.02024-08-30Initial Release
2.02024-08-30Updated for enhanced presentation with no changes to content
3.02024-09-09Updated Additional Info section: CVE-2024-6387 remediation plan
4.02024-09-20Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.7.1.2
5.02024-10-03Updated the Affected Products and Remediation table
6.02024-12-10Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.5.1.1
7.02025-10-08Updated the Additional Info section, proprietary code CVE descriptions and remediated versions
8.02025-10-09Minor formatting adjustments
9.02026-07-07Added details for CVE-2025-71277
10.02026-07-07Updated details for Affected versions for CVE-2025-72177

 

관련 정보

해당 제품

PowerScale OneFS
문서 속성
문서 번호: 000228207
문서 유형: Dell Security Advisory
마지막 수정 시간: 07 7월 2026
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.