DSA-2024-346: Security Update for Dell PowerScale OneFS for Multiple Vulnerabilities
Sammendrag: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Denne artikkelen gjelder for
Denne artikkelen gjelder ikke for
Denne artikkelen er ikke knyttet til noe bestemt produkt.
Det er ikke produktversjonene som identifiseres i denne artikkelen.
Påvirkning
High
Detaljer
| Third-party Component | CVEs | More Information |
| Apache HTTP Server | CVE-2023-38709, CVE-2024-24795 | https://nvd.nist.gov/vuln/search |
| Curl | CVE-2023-46218, CVE-2023-46219 | https://nvd.nist.gov/vuln/search |
| iPerf3 | CVE-2023-7250 | https://nvd.nist.gov/vuln/search |
| libexpat | CVE-2024-28757, CVE-2023-52425, CVE-2023-52426 | https://nvd.nist.gov/vuln/search |
| pyca/cryptography | CVE-2023-49083 | https://nvd.nist.gov/vuln/search |
| Python | CVE-2023-6597, CVE-2024-0450 | https://nvd.nist.gov/vuln/search |
| OpenSSH | CVE-2024-6387 | https://nvd.nist.gov/vuln/search |
| Kerberos | CVE-2025-71277 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-39579 | Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-39578 | Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-39579 | Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-39578 | Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
Berørte produkter og utbedring
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2023-49083 | PowerScale OneFS | Versions 8.2.2.0 through 9.4.0.18 | Version 9.4.0.19 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Version 8.2.2.0 through 9.5.0.8 | Version 9.5.1.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.1.0.0 through 9.5.1.0 | Version 9.5.1.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-6597, CVE-2024-0450 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.0.8 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250, CVE-2025-71277 | PowerScale OneFS | Versions 8.2.2.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Versions 9.8.0.0 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387, CVE-2023-38709, CVE-2024-24795, CVE-2025-71277 | PowerScale OneFS | Versions 9.8.0.0 through 9.8.0.1 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2023-49083 | PowerScale OneFS | Versions 8.2.2.0 through 9.4.0.18 | Version 9.4.0.19 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Version 8.2.2.0 through 9.5.0.8 | Version 9.5.1.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.1.0.0 through 9.5.1.0 | Version 9.5.1.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-6597, CVE-2024-0450 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.0.8 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250, CVE-2025-71277 | PowerScale OneFS | Versions 8.2.2.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Versions 9.8.0.0 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387, CVE-2023-38709, CVE-2024-24795, CVE-2025-71277 | PowerScale OneFS | Versions 9.8.0.0 through 9.8.0.1 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
Note:
- Any version not listed in the Affected Products and Remediation section should upgrade PowerScale OneFS to a version 9.7.1.2 or later.
- We encourage all customers to adopt the LTS 2024 version which is 9.7.x code line, with the latest maintenance MR.
- In PowerScale OneFS 9.7.1.2, 9.5.1.1, 9.9.0.0 and later versions, fix for CVE-2024-6387 is ported in existing version of OpenSSH which is OpenSSH_9.3p2 version.
- For more information on LTS (Long Term Support) code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.
Endringshistorikk
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-08-30 | Initial Release |
| 2.0 | 2024-08-30 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-09-09 | Updated Additional Info section: CVE-2024-6387 remediation plan |
| 4.0 | 2024-09-20 | Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.7.1.2 |
| 5.0 | 2024-10-03 | Updated the Affected Products and Remediation table |
| 6.0 | 2024-12-10 | Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.5.1.1 |
| 7.0 | 2025-10-08 | Updated the Additional Info section, proprietary code CVE descriptions and remediated versions |
| 8.0 | 2025-10-09 | Minor formatting adjustments |
| 9.0 | 2026-07-07 | Added details for CVE-2025-71277 |
| 10.0 | 2026-07-07 | Updated details for Affected versions for CVE-2025-72177 |
Relatert informasjon
Juridisk ansvarsfraskrivelse
Berørte produkter
PowerScale OneFSArtikkelegenskaper
Artikkelnummer: 000228207
Artikkeltype: Dell Security Advisory
Sist endret: 07 jul. 2026
Få svar på spørsmålene dine fra andre Dell-brukere
Støttetjenester
Sjekk om enheten din er dekket av støttetjenestene.