Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.
The vulnerability (CWE-1393) consists of the system leaving an active privileged account with a default, unchanged password. An attacker with network access can authenticate using this default password, thereby bypassing any access control mechanisms. The lack of user interaction requirement or special environmental conditions makes the attack simple to carry out on a large scale.
An attacker can completely take over a user account with high privileges, which in practice means full control over the Dell PowerScale OneFS environment — including access to stored data, the ability to modify or delete it, and destabilization of services.
Apply patches available from the vendor according to references (DSA-2025-119). Additionally, it is recommended to immediately change default passwords on all privileged accounts and restrict network access to system management interfaces.
Dell PowerScale OneFS in versions 9.5.0.0 through 9.10.1.0 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDell Powerscale Onefs
APPDell9.5.0.0 – 9.10.1.0
Related vulnerabilities
Brak autoryzacji w NFS export — Dell PowerScale OneFS (Auth Bypass)
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administ...
Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication ...
Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnera...
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. A...