Login Sign Up

CVE-2023-22572

7.8 HIGH

📋 TL;DR

Dell PowerScale OneFS versions 9.1.0.x through 9.4.0.x log sensitive information (likely passwords) when users change passwords via the API. A local attacker with low privileges could read these logs to obtain credentials, potentially leading to privilege escalation and system compromise.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 9.1.0.x through 9.4.0.x
Operating Systems: PowerScale OneFS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the change password API enabled and logging configured.

📦 What is this software?

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker obtains administrative credentials from logs, gains full system control, and potentially compromises the entire PowerScale cluster.

🟠

Likely Case

Local attacker escalates privileges to gain unauthorized access to sensitive data or system functions.

🟢

If Mitigated

With proper log access controls and monitoring, impact is limited to potential credential exposure without successful exploitation.

🌐 Internet-Facing: LOW - This requires local access to the system, not remote exploitation.
🏢 Internal Only: HIGH - Any local user with log read access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires reading log files containing sensitive data.

Exploitation requires local access and ability to read system logs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Dell PowerScale OneFS security updates as specified in advisory.

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security

Restart Required: Yes

Instructions:

1. Review Dell advisory 000207863. 2. Download appropriate OneFS security update. 3. Apply update following Dell's upgrade procedures. 4. Restart affected services/systems.

🔧 Temporary Workarounds

Restrict Log Access

linux

Limit read access to system log files to authorized administrators only.

chmod 640 /var/log/*.log
setfacl -m u:admin:r /var/log/*.log

Disable Password Change API

linux

Temporarily disable the change password API if not required.

isi auth settings modify --password-change-api=false

🧯 If You Can't Patch

  • Implement strict access controls on log directories and files.
  • Monitor log access attempts and implement alerting for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check OneFS version with 'isi version' and verify if between 9.1.0.x and 9.4.0.x.

Check Version:

isi version

Verify Fix Applied:

Verify version is updated beyond affected range and check logs no longer contain password information.

📡 Detection & Monitoring

Log Indicators:

  • Log entries containing password strings or credential information in clear text.

Network Indicators:

  • Unusual local log access patterns from non-admin users.

SIEM Query:

source="/var/log/*.log" AND (password OR passwd OR credential) NOT admin_user

📊 Metadata

CVE ID: CVE-2023-22572
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-532
Published: February 1, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22572, you might also want to check these:

CVE-2021-32724 9.9

CVE-2021-32724 is a critical vulnerability in the check-spelling GitHub Action that allows attackers...

Same vulnerability type (CWE-532)
CVE-2022-36407 9.9

This vulnerability allows local users to gain sensitive information through insertion of sensitive d...

Same vulnerability type (CWE-532)
CVE-2025-6391 9.8

Brocade ASCG versions before 3.3.0 log JSON Web Tokens (JWT) in plain text within log files. Attacke...

Same vulnerability type (CWE-532)