
Article Number: 000211539


DSA-2023-102: Dell EMC PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Summary: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVEs

CVE-2023-25941
  Description: Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.
  CVSS Base Score: 7.8
  CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-25940
  Description: Dell PowerScale OneFS version 9.5.0.0 contains an improper link resolution before file access vulnerability in isi_gather_info. A high-privileged local attacker could potentially exploit this vulnerability, leading to system takeover, and it breaks the compliance mode guarantees.
  CVSS Base Score: 6.7
  CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-25942
  Description: Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.
  CVSS Base Score: 6.5
  CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Third-Party Component CVEs

Apache
  CVEs: CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
  CVSS Vector String: See NVD for more details.

FreeBSD
  CVEs: CVE-2019-15876
  CVSS Vector String: See NVD for more details.


Note: CVE-2023-25941 and CVE-2023-25940 are only applicable to compliance mode clusters, and both are business critical because they break the compliance mode guarantee.
Dell Technologies recommends all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
  Product: PowerScale OneFS
  Affected Versions: 9.1.0.0 through 9.1.0.27; 9.2.1.0 through 9.2.1.20; 9.4.0.0 through 9.4.0.12
  Updated Versions: Download and install the latest RUP: >= 9.1.0.28; >= 9.2.1.21; >= 9.4.0.13
  Link to Update: PowerScale OneFS Downloads Area
  Any other version: Upgrade your version of PowerScale OneFS.

CVEs Addressed: CVE-2023-25941
  Product: PowerScale OneFS
  Affected Versions: 9.2.1.0 through 9.2.1.21; 9.4.0.0 through 9.4.0.12; 9.5.0.0 through 9.5.0.1
  Updated Versions: Download and install the latest RUP: >= 9.2.1.22; >= 9.4.0.13; >= 9.5.0.2
  Affected Versions: 9.1.0.0 through 9.1.0.28
  Updated Versions: Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
  Any other version: Upgrade your version of PowerScale OneFS.

CVEs Addressed: CVE-2023-25940
  Product: PowerScale OneFS
  Affected Versions: 9.5.0.0
  Updated Versions: Download and install the latest RUP: >= 9.5.0.1

CVEs Addressed: CVE-2023-25942
  Product: PowerScale OneFS
  Affected Versions: 9.2.1.0 through 9.2.1.21; 9.4.0.0 through 9.4.0.12; 9.5.0.0
  Updated Versions: Download and install the latest RUP: >= 9.2.1.22; >= 9.4.0.13; >= 9.5.0.1
  Affected Versions: 9.1.0.0 through 9.1.0.28
  Updated Versions: Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
  Any other version: Upgrade your version of PowerScale OneFS.

CVEs Addressed: CVE-2019-15876
  Product: PowerScale OneFS with Gen6 H5600 node
  Affected Versions: 9.2.1.0 through 9.2.1.21; 9.4.0.0 through 9.4.0.12; 9.5.0.0
  Updated Versions: Download and install the latest RUP: >= 9.2.1.22; >= 9.4.0.13; >= 9.5.0.1
  Affected Versions: 9.1.0.0 through 9.1.0.28
  Updated Versions: Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
  Any other version: Upgrade your version of PowerScale OneFS.
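The remediation table above is easy to misread when a cluster sits on a 9.1.0.x train (patched for the Apache CVEs at 9.1.0.28, but requiring a move to >= 9.4.0.13 for the OneFS-specific CVEs) or when the applicability notes (compliance mode, Gen6 H5600 nodes) narrow the scope. The following Python script is an added example, not Dell tooling: the version ranges are transcribed from the table, while `parse_version`, `affected_cves`, `highest_required_version` and the `compliance_mode` / `has_h5600_nodes` parameters are names I chose for the illustration.

```python
"""Check a PowerScale OneFS version against the affected-version ranges in
DSA-2023-102. Added example, not Dell's tooling: the ranges are transcribed
from the advisory's remediation table; function and parameter names are mine."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Turn '9.4.0.12' into (9, 4, 0, 12). Shorter strings such as '9.5.0'
    are right-padded with zeros so that 9.5.0 compares equal to 9.5.0.0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected OneFS version string: {text!r}")
    parts += [0] * (4 - len(parts))
    return (parts[0], parts[1], parts[2], parts[3])


# Each tuple is (inclusive low, inclusive high, version that remediates that
# range), transcribed from the "Affected Products and Remediation" table.
APACHE_CVES = ["CVE-2022-26377", "CVE-2022-28330", "CVE-2022-28614",
               "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522",
               "CVE-2022-30556", "CVE-2022-31813"]
_APACHE_RANGES = [("9.1.0.0", "9.1.0.27", "9.1.0.28"),
                  ("9.2.1.0", "9.2.1.20", "9.2.1.21"),
                  ("9.4.0.0", "9.4.0.12", "9.4.0.13")]
# CVE-2023-25942 and CVE-2019-15876 share the same rows in the table.
_SHARED_RANGES = [("9.1.0.0", "9.1.0.28", "9.4.0.13"),
                  ("9.2.1.0", "9.2.1.21", "9.2.1.22"),
                  ("9.4.0.0", "9.4.0.12", "9.4.0.13"),
                  ("9.5.0.0", "9.5.0.0", "9.5.0.1")]
AFFECTED_RANGES: Dict[str, List[Tuple[str, str, str]]] = {
    **{cve: _APACHE_RANGES for cve in APACHE_CVES},
    "CVE-2023-25941": [("9.1.0.0", "9.1.0.28", "9.4.0.13"),
                       ("9.2.1.0", "9.2.1.21", "9.2.1.22"),
                       ("9.4.0.0", "9.4.0.12", "9.4.0.13"),
                       ("9.5.0.0", "9.5.0.1", "9.5.0.2")],
    "CVE-2023-25940": [("9.5.0.0", "9.5.0.0", "9.5.0.1")],
    "CVE-2023-25942": _SHARED_RANGES,
    "CVE-2019-15876": _SHARED_RANGES,
}
# Applicability notes from the advisory: two CVEs only matter on compliance
# mode clusters, and the FreeBSD CVE only on clusters with Gen6 H5600 nodes.
COMPLIANCE_MODE_ONLY = {"CVE-2023-25941", "CVE-2023-25940"}
H5600_ONLY = {"CVE-2019-15876"}


def affected_cves(version: str, compliance_mode: bool,
                  has_h5600_nodes: bool) -> Dict[str, str]:
    """Return {cve: minimum remediated version} for every CVE whose listed
    affected range contains `version` and whose applicability note matches
    the cluster. A version outside every listed range falls under the table's
    "Any other version: upgrade" row and is not reported here."""
    v = parse_version(version)
    result: Dict[str, str] = {}
    for cve, ranges in AFFECTED_RANGES.items():
        if cve in COMPLIANCE_MODE_ONLY and not compliance_mode:
            continue
        if cve in H5600_ONLY and not has_h5600_nodes:
            continue
        for low, high, fixed in ranges:
            if parse_version(low) <= v <= parse_version(high):
                result[cve] = fixed
                break
    return result


def highest_required_version(version: str, compliance_mode: bool,
                             has_h5600_nodes: bool) -> Optional[str]:
    """The single target version that clears every CVE reported for this
    cluster, or None when no listed range applies."""
    fixes = affected_cves(version, compliance_mode, has_h5600_nodes)
    if not fixes:
        return None
    return max(fixes.values(), key=parse_version)


if __name__ == "__main__":
    # Constructed sample: a compliance mode cluster on 9.5.0.0 without H5600 nodes.
    for cve, fixed in affected_cves("9.5.0.0", True, False).items():
        print(f"{cve}: update to >= {fixed}")
    print("target:", highest_required_version("9.5.0.0", True, False))
```

Run it with the cluster's `isi version` output (or any OneFS version string) and the two applicability flags; because the table gives different targets for different CVEs on the same train, the `highest_required_version` result is the one to plan the RUP or upgrade around.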

Revision History

Revision  Date        Description
1.0       2023-03-23  Initial Release
1.1       2023-06-19  Updated CVE description for CVE-2023-25940
1.2       2023-06-22  Added notes for Proprietary Code CVEs and updated hyperlink for CVE-2022-28615

Related Information


Article Properties


Affected Products

PowerScale OneFS, Product Security Information

Last Published Date

22 Jun 2023

Version

8

Article Type

Dell Security Advisory