Article Number: 000225667
High
Third-Party Component | CVEs | More information |
---|---|---|
Sudo | CVE-2023-42465 | https://nvd.nist.gov/vuln/detail/CVE-2023-42465 |
pyca/cryptography | CVE-2023-23931, CVE-2020-25659 | See the NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-29170 | Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service. | 8.1 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Links |
---|---|---|---|---|
CVE-2023-42465 | PowerScale OneFS | Version 8.2.x through 9.4.0.17 | Version 9.4.0.18 or later | PowerScale OneFS Downloads Area |
CVE-2023-23931, CVE-2020-25659 | PowerScale OneFS | Version 8.2.x through 9.4.0.17 | Version 9.7.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2023-42465, CVE-2023-23931, CVE-2020-25659 | PowerScale OneFS | Version 9.5.0.0 through 9.7.0.1 | Version 9.7.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2023-23931, CVE-2020-25659 | PowerScale OneFS | Version 9.7.0.2 | Version 9.7.1.0 or later | PowerScale OneFS Downloads Area |
CVE-2024-29170 | PowerScale OneFS | Version 8.2.x through 9.8.0.x | N/A | PowerScale OneFS Security Configuration Guide |
Clusters running any version not listed in the Affected Products and Remediation section should be upgraded to PowerScale OneFS version 9.7.1.0 or later.
We encourage all customers to adopt the Long Term Support (LTS) 2024 version, the 9.7.x code line with the latest maintenance MR 9.7.1.0. For more information about LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.
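As an added example (not part of Dell's advisory or tooling), the Python below encodes the affected-version rows above so an inventory of cluster versions can be checked against them. It assumes dotted numeric version strings, that "8.2.x" starts at 8.2.0.0 and that "9.8.0.x" covers every 9.8.0 build; `ROWS`, `parse`, `assess` and `upgrade_target` are names chosen for this example.

```python
# Added example: rows transcribed from this advisory's affected-versions table.
# Assumptions: "8.2.x" starts at 8.2.0.0; "9.8.0.x" covers every 9.8.0 build.
ANY = 10**6  # stands in for the "x" wildcard at the top of a range

ROWS = [  # (CVEs, first affected, last affected, remediated version or None)
    (("CVE-2023-42465",), (8, 2, 0, 0), (9, 4, 0, 17), "9.4.0.18"),
    (("CVE-2023-23931", "CVE-2020-25659"), (8, 2, 0, 0), (9, 4, 0, 17), "9.7.1.0"),
    (("CVE-2023-42465", "CVE-2023-23931", "CVE-2020-25659"),
     (9, 5, 0, 0), (9, 7, 0, 1), "9.7.1.0"),
    (("CVE-2023-23931", "CVE-2020-25659"), (9, 7, 0, 2), (9, 7, 0, 2), "9.7.1.0"),
    (("CVE-2024-29170",), (8, 2, 0, 0), (9, 8, 0, ANY), None),  # N/A: mitigate
]


def parse(version):
    """Turn '9.4.0.17' (or 'v9.4.0.17', or a shorter '8.2.2') into a 4-tuple."""
    parts = version.strip().lstrip("vV").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a OneFS-style version: {version!r}")
    return tuple(int(p) for p in parts) + (0,) * (4 - len(parts))


def assess(version):
    """Map each CVE affecting `version` to its remediated version (None = N/A)."""
    v = parse(version)
    return {cve: fix
            for cves, first, last, fix in ROWS if first <= v <= last
            for cve in cves}


def upgrade_target(version):
    """Highest remediated version among the CVEs that apply, or None."""
    fixes = [f for f in assess(version).values() if f]
    return max(fixes, key=parse) if fixes else None


if __name__ == "__main__":
    for host, ver in [("clusterA", "9.4.0.17"), ("clusterB", "v9.7.0.2"),
                      ("clusterC", "9.7.1.0")]:  # constructed inventory
        print(host, ver, assess(ver), "->", upgrade_target(ver))
```

A `None` value marks CVE-2024-29170, which the table lists as N/A for remediation and which is handled through the mitigation rather than an upgrade.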
CVEs | Mitigations |
---|---|
CVE-2023-42465 | This vulnerability applies only when customers have granted users ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE. It can be mitigated on non-compliance mode clusters running PowerScale OneFS version 9.5 or later by enabling the restricted shell for users. More information about the restricted shell can be found at: OneFS Restricted Shell (Dell Technologies Info Hub). |
CVE-2024-29170 | Please refer to the section "Change password on backend switches" in the "Security Configuration Guide" document listed under "Administering Your Cluster" at https://www.dell.com/support/kbdoc/000220353 |
Revision | Date | Description |
---|---|---|
1.0 | 2024-06-03 | Initial Release |
2.0 | 2024-06-12 | Updated Workarounds and Mitigations section: CVE-2024-29170 mitigation details |
Jun 13, 2024
Dell Security Advisory