DSA-2023-035: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

法律免责声明

受影响的产品

提供反馈

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

High

详情

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25536	Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-25540	Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.	6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2023-23689	Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair integrated hardware management functionality and trigger OneFS data protection mechanism causing a denial of service.	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component	CVEs	More Information
libxml2	CVE-2022-40304	See NVD for more details.
python38	CVE-2020-10735	See NVD for more details.
Intel Platform	CVE-2021-0153 CVE-2021-0154 CVE-2021-0155 CVE-2021-0159 CVE-2021-0188 CVE-2021-0189 CVE-2021-0190 CVE-2021-33060 CVE-2021-33103 CVE-2021-33122 CVE-2021-33123 CVE-2021-33124 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180	INTEL-SA-00601 INTEL-SA-00686
	CVE-2022-0004 CVE-2021-21131	INTEL-SA-00613 See NVD for details.
	CVE-2022-0778	See NVD for details.
Arista EOS	CVE-2021-28500 CVE-2021-28501 CVE-2021-28503 CVE-2021-28506 CVE-2021-28507 CVE-2021-28496	See NVD for details. See NVD for details. See NVD for details. See NVD for details. See NVD for details. See NVD for details.

NOTE: All PowerScale related CVEs are addressed in the newly released PowerScale OneFS version 9.5.0.0.

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25536	Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-25540	Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.	6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2023-23689	Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair integrated hardware management functionality and trigger OneFS data protection mechanism causing a denial of service.	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component	CVEs	More Information
libxml2	CVE-2022-40304	See NVD for more details.
python38	CVE-2020-10735	See NVD for more details.
Intel Platform	CVE-2021-0153 CVE-2021-0154 CVE-2021-0155 CVE-2021-0159 CVE-2021-0188 CVE-2021-0189 CVE-2021-0190 CVE-2021-33060 CVE-2021-33103 CVE-2021-33122 CVE-2021-33123 CVE-2021-33124 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180	INTEL-SA-00601 INTEL-SA-00686
	CVE-2022-0004 CVE-2021-21131	INTEL-SA-00613 See NVD for details.
	CVE-2022-0778	See NVD for details.
Arista EOS	CVE-2021-28500 CVE-2021-28501 CVE-2021-28503 CVE-2021-28506 CVE-2021-28507 CVE-2021-28496	See NVD for details. See NVD for details. See NVD for details. See NVD for details. See NVD for details. See NVD for details.

NOTE: All PowerScale related CVEs are addressed in the newly released PowerScale OneFS version 9.5.0.0.

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVE(s) Addressed	Product	Affected Version(s)	Updated Version(s)	Link to Update
CVE-2022-40304	PowerScale OneFS	9.1.0.0 through 9.1.0.27 9.2.1.0 through 9.2.1.20 9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.1.0.28 >= 9.2.1.21 >= 9.4.0.13 >= 9.5.0.0	PowerScale OneFS Downloads Area
CVE-2022-40304	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.
CVE-2023-25536	PowerScale OneFS	9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.4.0.12
CVE-2023-25540	PowerScale OneFS	9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.4.0.12
CVE-2020-10735	PowerScale OneFS	9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.4.0.12
CVE-2021-0153 CVE-2021-0154 CVE-2021-0155 CVE-2021-0159 CVE-2021-0188 CVE-2021-0189 CVE-2021-0190 CVE-2021-33060 CVE-2021-33103 CVE-2021-33122 CVE-2021-33123 CVE-2021-33124 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180	A200 A2000 F800 F810 H400 H500 H600 H5600	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x	Download and install the latest NFP version >= 11.6.1
CVE-2022-0004 CVE-2021-21131	A300 A3000 H700 H7000	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x
CVE-2022-0778	A300 A3000 H700 H7000	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x
CVE-2023-23689	A200 A2000 H400 H500 H600 H5600 F800 F810	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x
CVE-2021-28500 CVE-2021-28501 CVE-2021-28503 CVE-2021-28506 CVE-2021-28507 CVE-2021-28496	PowerScale OneFS with Arista Switch Series DCS-7304 and DCS-7308	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x	Download and install Arista EOS >=4.28.3

Note: All PowerScale related CVEs are addressed in the newly released PowerScale OneFS version 9.5.0.0

CVE(s) Addressed	Product	Affected Version(s)	Updated Version(s)	Link to Update
CVE-2022-40304	PowerScale OneFS	9.1.0.0 through 9.1.0.27 9.2.1.0 through 9.2.1.20 9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.1.0.28 >= 9.2.1.21 >= 9.4.0.13 >= 9.5.0.0	PowerScale OneFS Downloads Area
CVE-2022-40304	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.
CVE-2023-25536	PowerScale OneFS	9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.4.0.12
CVE-2023-25540	PowerScale OneFS	9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.4.0.12
CVE-2020-10735	PowerScale OneFS	9.4.0.0 through 9.4.0.11	Download and install the latest RUP. >= 9.4.0.12
CVE-2021-0153 CVE-2021-0154 CVE-2021-0155 CVE-2021-0159 CVE-2021-0188 CVE-2021-0189 CVE-2021-0190 CVE-2021-33060 CVE-2021-33103 CVE-2021-33122 CVE-2021-33123 CVE-2021-33124 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180	A200 A2000 F800 F810 H400 H500 H600 H5600	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x	Download and install the latest NFP version >= 11.6.1
CVE-2022-0004 CVE-2021-21131	A300 A3000 H700 H7000	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x
CVE-2022-0778	A300 A3000 H700 H7000	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x
CVE-2023-23689	A200 A2000 H400 H500 H600 H5600 F800 F810	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x
CVE-2021-28500 CVE-2021-28501 CVE-2021-28503 CVE-2021-28506 CVE-2021-28507 CVE-2021-28496	PowerScale OneFS with Arista Switch Series DCS-7304 and DCS-7308	9.5.0.x 9.4.0.x 9.3.0.x 9.2.1.x 9.2.0.x 9.1.0.x 9.0.0.x	Download and install Arista EOS >=4.28.3

Note: All PowerScale related CVEs are addressed in the newly released PowerScale OneFS version 9.5.0.0

解决方法和缓解措施

CVEs	Workarounds
CVE-2023-25540	Manually set the permissions of /ifs/.ifsvar/modules/security_check to 755. #chmod 755 /ifs/.ifsvar/modules/security_check
CVE-2023-25536	Manually remove the self-signed certificates on cluster nodes. #isi_for_array "test -e /etc/ssl/certs/4a7a8630.0 && rm -f /etc/ssl/certs/4a7a8630.0 \|\| exit 0"

修订历史记录

Revision	Date	Description
1.0	2023-02-28	Initial release
1.1	2023-03-02	Added CVE-2023-25536 and updated Workaround and Mitigation section.
1.2	2023-05-17	Added Arista EOS CVEs

法律免责声明

受影响的产品

PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale Hybrid H700, PowerScale Hybrid H7000, Product Security Information

文章编号: 000209895

文章类型: Dell Security Advisory

上次修改时间: 19 9月 2025

DSA-2023-035: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2023-035: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

详细文章

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务