CVE-2024-53298
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-07-11
Assigner: Dell
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerscale_onefs | From 9.5.0.0 (inc) to 9.10.0.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization flaw in the NFS export of Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1. It allows an unauthenticated attacker with remote access to potentially gain unauthorized access to the filesystem, enabling them to read, modify, and delete arbitrary files.
How can this vulnerability impact me?
The vulnerability can lead to a full system compromise by allowing an attacker to read, modify, and delete any files on the affected system without authentication. This can result in data loss, data corruption, and unauthorized data disclosure.
What immediate steps should I take to mitigate this vulnerability?
Dell recommends that customers upgrade Dell PowerScale OneFS to a version later than 9.10.0.1 at the earliest opportunity to mitigate this vulnerability.