DSA-2023-102: Dell EMC PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

摘要: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

修订历史记录

法律免责声明

受影响的产品

提供反馈

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

Critical

详情

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25941	Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-25940	Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-25942	Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Third-Party Component	CVEs	CVSS Vector String
Apache	CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813	See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details.
FreeBSD	CVE-2019-15876	See NVD for more details.

Note: CVE-2023-25941 and CVE-2023-25940 are only applicable to compliance mode clusters and both are business critical as it breaks compliance mode guarantee.

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25941	Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-25940	Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-25942	Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Third-Party Component	CVEs	CVSS Vector String
Apache	CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813	See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details. See NVD for more details.
FreeBSD	CVE-2019-15876	See NVD for more details.

Note: CVE-2023-25941 and CVE-2023-25940 are only applicable to compliance mode clusters and both are business critical as it breaks compliance mode guarantee.

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813	PowerScale OneFS	9.1.0.0 through 9.1.0.27 9.2.1.0 through 9.2.1.20 9.4.0.0 through 9.4.0.12	Download and install the latest RUP. >= 9.1.0.28 >= 9.2.1.21 >= 9.4.0.13	PowerScale OneFS Downloads Area
	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.
CVE-2023-25941	PowerScale OneFS	9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0 through 9.5.0.1	Download and install the latest RUP. >= 9.2.1.22 >= 9.4.0.13 >= 9.5.0.2
		9.1.0.0 through 9.1.0.28	Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
		Any other version	Upgrade your version of PowerScale OneFS.
CVE-2023-25940	PowerScale OneFS	9.5.0.0	Download and install the latest RUP. >= 9.5.0.1
CVE-2023-25942	PowerScale OneFS	9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0	Download and install the latest RUP. >= 9.2.1.22 >= 9.4.0.13 >= 9.5.0.1
		9.1.0.0 through 9.1.0.28	Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
		Any other version	Upgrade your version of PowerScale OneFS.
CVE-2019-15876	PowerScale OneFS with Gen6 H5600 node	9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0	Download and install the latest RUP. >= 9.2.1.22 >= 9.4.0.13 >= 9.5.0.1
		9.1.0.0 through 9.1.0.28	Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
		Any other version	Upgrade your version of PowerScale OneFS.

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813	PowerScale OneFS	9.1.0.0 through 9.1.0.27 9.2.1.0 through 9.2.1.20 9.4.0.0 through 9.4.0.12	Download and install the latest RUP. >= 9.1.0.28 >= 9.2.1.21 >= 9.4.0.13	PowerScale OneFS Downloads Area
	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.
CVE-2023-25941	PowerScale OneFS	9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0 through 9.5.0.1	Download and install the latest RUP. >= 9.2.1.22 >= 9.4.0.13 >= 9.5.0.2
		9.1.0.0 through 9.1.0.28	Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
		Any other version	Upgrade your version of PowerScale OneFS.
CVE-2023-25940	PowerScale OneFS	9.5.0.0	Download and install the latest RUP. >= 9.5.0.1
CVE-2023-25942	PowerScale OneFS	9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0	Download and install the latest RUP. >= 9.2.1.22 >= 9.4.0.13 >= 9.5.0.1
		9.1.0.0 through 9.1.0.28	Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
		Any other version	Upgrade your version of PowerScale OneFS.
CVE-2019-15876	PowerScale OneFS with Gen6 H5600 node	9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0	Download and install the latest RUP. >= 9.2.1.22 >= 9.4.0.13 >= 9.5.0.1
		9.1.0.0 through 9.1.0.28	Upgrade your version of PowerScale OneFS to >= 9.4.0.13.
		Any other version	Upgrade your version of PowerScale OneFS.

修订历史记录

Revision	Date	Description
1.0	2023-03-23	Initial Release
1.1	2023-06-19	Updated CVE description for CVE-2023-25940
1.2	2023-06-22	Added notes for Proprietary Code CVEs and updated hyperlink for CVE-2022-28615

法律免责声明

受影响的产品

PowerScale OneFS, Product Security Information

文章编号: 000211539

文章类型: Dell Security Advisory

上次修改时间: 19 9月 2025

DSA-2023-102: Dell EMC PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

摘要: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2023-102: Dell EMC PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

摘要: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务