Multiple vulnerabilities in Dell PowerScale OneFS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2023-38709 CVE-2024-39578 CVE-2024-39579 CVE-2023-7250 CVE-2023-46219 CVE-2023-46218 CVE-2024-24795 CVE-2024-0450 CVE-2023-6597 CVE-2023-52426 CVE-2023-52425 CVE-2024-28757 CVE-2023-49083 CVE-2024-6387 |
| CWE-ID | CWE-113 CWE-59 CWE-266 CWE-399 CWE-311 CWE-200 CWE-400 CWE-61 CWE-776 CWE-611 CWE-476 CWE-362 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #14 is available. |
| Vulnerable software |
PowerScale OneFS Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) HTTP response splitting
EUVDB-ID: #VU88151
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38709
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not correctly process CRLF character sequences. A malicious or exploitable backend/content generators can send specially crafted response containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://downloads.apache.org/httpd/CHANGES_2.4
http://httpd.apache.org/security/vulnerabilities_24.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Link following
EUVDB-ID: #VU102863
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39578
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local high privileged user to perform a denial of service (DoS) attack and modify data on the system.
The vulnerability exists due to Dell PowerScale OneFS UNIX symbolic link (symlink). A local high privileged user could potentially exploit this vulnerability, leading to denial of service, information tampering.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect Privilege Assignment
EUVDB-ID: #VU102864
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39579
CWE-ID:
CWE-266 - Incorrect Privilege Assignment
Exploit availability: No
DescriptionThe vulnerability allows a local high privileged user to gain root-level access.
The vulnerability exists due to incorrect privilege assignment. A local high privileged user could potentially exploit this vulnerability to gain root-level access.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU82202
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7250
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. A remote malicious client can initiate the connection with the server sending it less data than expected and block the iperf server from servicing other clients.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=2244708
http://bugs.launchpad.net/ubuntu/+source/iperf3/+bug/2038654
http://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc
http://bugzilla.redhat.com/show_bug.cgi?id=2244707
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Missing Encryption of Sensitive Data
EUVDB-ID: #VU83899
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46219
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when handling HSTS long file names. When saving HSTS data to an excessively long file name, curl can end
up removing all contents from the file, making subsequent requests using that file
unaware of the HSTS status they should otherwise use. As a result, a remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://curl.haxx.se/docs/CVE-2023-46219.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU83900
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46218
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://curl.haxx.se/docs/CVE-2023-46218.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) HTTP response splitting
EUVDB-ID: #VU88152
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24795
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not correctly process CRLF character sequences in multiple modules. A remote attacker can inject malicious response headers into backend applications and perform an HTTP desynchronization attack.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://httpd.apache.org/security/vulnerabilities_24.html
http://downloads.apache.org/httpd/CHANGES_2.4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU87685
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0450
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
http://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b
http://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
http://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
http://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
http://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
http://github.com/python/cpython/issues/109858
http://www.bamsoftware.com/hacks/zipbomb/
http://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) UNIX symbolic link following
EUVDB-ID: #VU87185
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6597
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to a symlink following issue during cleanup when handling temporary files. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://github.com/python/cpython/issues/91133
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) XML Entity Expansion
EUVDB-ID: #VU86231
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52426
CWE-ID:
CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to recursive XML Entity Expansion if XML_DTD is undefined at compile time. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://github.com/libexpat/libexpat/pull/777
http://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource exhaustion
EUVDB-ID: #VU86230
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52425
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://github.com/libexpat/libexpat/pull/789
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) XML External Entity injection
EUVDB-ID: #VU87337
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-28757
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input when using external parsers via XML_ExternalEntityParserCreate. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://github.com/libexpat/libexpat/pull/842
http://github.com/libexpat/libexpat/issues/839
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU83930
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49083
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
http://github.com/pyca/cryptography/pull/9926
http://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Race condition
EUVDB-ID: #VU93513
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-6387
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in portable version of sshd. A remote non-authenticated attacker can send a series of requests in order to trigger a race condition and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 9.4.0.19
CPE2.3 External linkshttp://www.openssh.com/releasenotes.html#9.8p1
http://seclists.org/oss-sec/2024/q3/2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
