Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2024-346: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to   This article does not apply to 
Check out resources for

Impact

High

Details

Third-party Component  CVEs More Information
OpenSSH CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387This hyperlink is taking you to a website outside of Dell Technologies.
pyca/cryptography CVE-2023-49083 https://nvd.nist.gov/vuln/detail/CVE-2023-49083This hyperlink is taking you to a website outside of Dell Technologies.
Libexpat CVE-2024-28757
CVE-2023-52425
CVE-2023-52426		 See the NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
 
Python CVE-2023-6597
CVE-2024-0450		 See the NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Apache HTTP Server CVE-2023-38709
CVE-2024-24795		 See the NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-46218
CVE-2023-46219		 See the NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
iPerf3 CVE-2023-7250 https://nvd.nist.gov/vuln/detail/CVE-2023-7250This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-39579 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
 CVE-2024-39578 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-39579 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
 CVE-2024-39578 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-49083 PowerScale OneFS Versions 8.2.2.x through 9.4.0.18 Version 9.4.0.19 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Version 8.2.2.x through 9.5.0.8 Version 9.5.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387 PowerScale OneFS Versions 9.1.0.x through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-6597, CVE-2024-0450 PowerScale OneFS Versions 9.5.0.x through 9.5.0.8 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Versions 8.2.2.x through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Versions 9.8.0.0 Version 9.9.0.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387, CVE-2023-38709, CVE-2024-24795 PowerScale OneFS Versions 9.8.0.0 through 9.8.0.1 Version 9.9.0.0 or later  PowerScale OneFS Downloads Area
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-49083 PowerScale OneFS Versions 8.2.2.x through 9.4.0.18 Version 9.4.0.19 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Version 8.2.2.x through 9.5.0.8 Version 9.5.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387 PowerScale OneFS Versions 9.1.0.x through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-6597, CVE-2024-0450 PowerScale OneFS Versions 9.5.0.x through 9.5.0.8 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Versions 8.2.2.x through 9.7.1.0 Version 9.7.1.2 or later PowerScale OneFS Downloads Area
CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 PowerScale OneFS Versions 9.8.0.0 Version 9.9.0.0 or later PowerScale OneFS Downloads Area
CVE-2024-6387, CVE-2023-38709, CVE-2024-24795 PowerScale OneFS Versions 9.8.0.0 through 9.8.0.1 Version 9.9.0.0 or later  PowerScale OneFS Downloads Area
Note:
  • Any version not listed in the Affected Products and Remediation section should upgrade PowerScale OneFS to a version 9.7.1.2 or later.
  • We encourage all customers to adopt the LTS 2024 version which is 9.7.x code line, with the latest maintenance MR 9.7.1.2.
  • CVE-2024-6387 will be remediated in version 9.7.1.2 and remediated in 9.5.1.1 which is expected to be released in September 2024.
  • For more information about (Long Term Support) LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary

Revision History

RevisionDateDescription
1.02024-08-30Initial Release
2..02024-08-30Updated for enhanced presentation with no changes to content

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer