CVE-2022-24412
📋 TL;DR
CVE-2022-24412 is an improper handling of value vulnerability in Dell EMC PowerScale OneFS, allowing an unprivileged network attacker to cause a denial-of-service. It affects PowerScale OneFS versions 8.2.x through 9.3.0.x, potentially disrupting storage operations for organizations using these systems.
💻 Affected Systems
- Dell EMC PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Exploitation could lead to a complete denial-of-service, rendering the PowerScale OneFS system unavailable and disrupting storage services, impacting business operations.
Likely Case
Most probable impact is a partial or temporary denial-of-service, causing performance degradation or service interruptions for network-accessible storage functions.
If Mitigated
With proper network segmentation and access controls, the impact is minimized, limiting exposure to authorized internal users and reducing the risk of exploitation.
🎯 Exploit Status
Exploitation is straightforward due to the unauthenticated nature and network accessibility, but no public proof-of-concept has been disclosed as of the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OneFS 9.3.0.1 and later versions
Vendor Advisory: https://www.dell.com/support/kbdoc/000196657
Restart Required: Yes
Instructions:
1. Review the Dell advisory at the provided URL.
2. Upgrade PowerScale OneFS to version 9.3.0.1 or later.
3. Apply the patch through the OneFS management interface or CLI.
4. Restart the system as required to complete the update.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to PowerScale OneFS systems to trusted internal networks only, reducing exposure to potential attackers.
Access Control Lists (ACLs)
Implement strict ACLs to limit which IP addresses or subnets can communicate with the PowerScale OneFS management and data interfaces.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PowerScale OneFS systems from untrusted networks.
- Monitor network traffic and logs for unusual activity or denial-of-service attempts, and have an incident response plan ready.
🔍 How to Verify
Check if Vulnerable:
Check the PowerScale OneFS version via the management interface or CLI; if it is between 8.2.x and 9.3.0.x, it is vulnerable.
Check Version:
isi version (run on the PowerScale OneFS CLI)
Verify Fix Applied:
After patching, verify the version is 9.3.0.1 or later using the same method, and test system functionality to ensure no denial-of-service occurs.
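The version check above is easy to get wrong by hand when a fleet of clusters reports four-component version strings, so here is an added helper (not Dell's tooling and not part of the advisory) that parses a captured `isi version` line and classifies it against the range this page states: 8.2.x up to, but not including, the fixed release 9.3.0.1. The layout of the sample lines ("Isilon OneFS v<version> ...") is an assumption about `isi version` output and the samples are constructed; the parser only relies on the first dotted number in the line.

```python
import re

# Affected range as stated on this page: OneFS 8.2.x through 9.3.0.x is
# vulnerable and the vendor fix ships in 9.3.0.1 and later. Versions at or
# above FIXED_IN are therefore treated as fixed.
AFFECTED_FROM = (8, 2, 0, 0)
FIXED_IN = (9, 3, 0, 1)

# First dotted version number in the text, optionally prefixed with "v".
VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+){1,3})\b")


def parse_onefs_version(text):
    """Extract the first dotted version from an `isi version` line and
    return it as a 4-tuple of ints, padding missing components with 0."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no version number found in: %r" % text)
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version):
    """True if version lies in the affected range [8.2.0.0, 9.3.0.1)."""
    return AFFECTED_FROM <= version < FIXED_IN


def classify(isi_version_output):
    """Return 'vulnerable', 'fixed' or 'out-of-range' for one captured line.
    'out-of-range' covers releases older than 8.2, which this page does not
    list as affected; confirm those against the vendor advisory separately."""
    v = parse_onefs_version(isi_version_output)
    if is_affected(v):
        return "vulnerable"
    if v >= FIXED_IN:
        return "fixed"
    return "out-of-range"


if __name__ == "__main__":
    # Constructed sample lines shaped like `isi version` output; the exact
    # output format is an assumption, not a real capture.
    samples = [
        "Isilon OneFS v8.2.2.0 B_8_2_2_012(RELEASE)",
        "Isilon OneFS v9.3.0.0 B_9_3_0_001(RELEASE)",
        "Isilon OneFS v9.3.0.1 B_9_3_0_002(RELEASE)",
        "Isilon OneFS v8.1.2.0 B_8_1_2_010(RELEASE)",
    ]
    for line in samples:
        print("%-45s -> %s" % (line, classify(line)))
```

Feed it the `isi version` output collected from each cluster (for example via an SSH inventory job) and treat anything classified as "vulnerable" as a patching ticket; after the upgrade the same line should classify as "fixed".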
📡 Detection & Monitoring
Log Indicators:
- Unusual network connection attempts to PowerScale OneFS ports
- Log entries indicating service disruptions or crashes in system logs
Network Indicators:
- Spike in network traffic to PowerScale OneFS systems from unauthenticated sources
- Anomalous patterns in storage protocol communications
SIEM Query:
Example: source="PowerScale_OneFS" AND (event_type="denial_of_service" OR error_code="CVE-2022-24412")