Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.
The vulnerability results from missing authorization control (CWE-862) in the NFS export handling. An attacker without any credentials, having only remote network access to the device, can bypass authentication mechanisms and gain access to file system resources exported by NFS. The attack vector does not require user interaction or elevated privileges, making the exploit particularly easy to execute.
An attacker can read, modify, and delete any files in the file system without authorization, which according to the vendor may lead to full system compromise.
Dell PowerScale OneFS should be updated to a patched version as soon as possible in accordance with the vendor's guidelines contained in security bulletin DSA-2025-208 available at: https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities. Dell strongly recommends performing the update at the earliest possible time.
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDell Powerscale Onefs
APPDell9.5.0.0 – 9.10.0.1
Related vulnerabilities
Dell PowerScale OneFS — przejęcie konta przez domyślne hasło
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administ...
Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication ...
Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnera...
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. A...