Lucene search

DellCVE-2023-25536

HistoryMar 02, 2023 - 4:15 p.m.

CVE-2023-25536

2023-03-0216:15:14

CWE-200

CWE-668

dell

web.nvd.nist.gov

cve-2023-25536

dell

powerscale

onefs

9.4.0.x

sensitive information exposure

unauthorized access

certificate management

system takeover

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.

Affected configurations

Nvd

Vulners

Node

dellpowerscale_onefsRange9.4.0.0–9.4.0.11

VendorProductVersionCPE
dellpowerscale_onefs*cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	powerscale_onefs	*	cpe:2.3:a:dell:powerscale_onefs::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "9.4.0.0 through 9.4.0.11"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000209895/dell-emc-powerscale-onefs-security-updates-for-multiple-security

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-25536