CVE-2023-25941

Summary

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Affected Software

VendorProductVersion RangeStatus
DellPowerScale OneFS9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12affected
DellPowerScale OneFS9.1.0.0 through 9.1.0.28affected
DellPowerScale OneFSAny other versionaffected

Weaknesses

  • CWE-276: CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References