CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-53298

CVSS 9.8v3.1pub. 2025-06-20upd. 2025-07-11

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

🤖 AI Analysis
How it works

The vulnerability results from missing authorization control (CWE-862) in the NFS export handling. An attacker without any credentials, having only remote network access to the device, can bypass authentication mechanisms and gain access to file system resources exported by NFS. The attack vector does not require user interaction or elevated privileges, making the exploit particularly easy to execute.

Impact

An attacker can read, modify, and delete any files in the file system without authorization, which according to the vendor may lead to full system compromise.

Mitigation & patch

Dell PowerScale OneFS should be updated to a patched version as soon as possible in accordance with the vendor's guidelines contained in security bulletin DSA-2025-208 available at: https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities. Dell strongly recommends performing the update at the earliest possible time.

Who is affected

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Powerscale Onefs

    APP
    Dell
    9.5.0.0 – 9.10.0.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-27690CRITICAL9.8PL ✓ten sam produkt

Dell PowerScale OneFS — przejęcie konta przez domyślne hasło

CVE-2022-31229CRITICAL9.6ten sam produkt

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administ...

CVE-2026-22278HIGH8.1ten sam produkt

Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication ...

CVE-2025-26481HIGH7.5ten sam produkt

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnera...

CVE-2025-26330HIGH7.0ten sam produkt

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. A...