CVE-2023-25941
📋 TL;DR
Dell PowerScale OneFS versions 8.2.x through 9.5.0.x contain a local privilege escalation vulnerability. A low-privileged local attacker could exploit this to gain elevated privileges, potentially leading to denial of service, information disclosure, and privilege escalation. This vulnerability affects Dell PowerScale storage systems running vulnerable OneFS versions.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains root-level access to the PowerScale cluster, compromising all data, disrupting operations, and potentially pivoting to other systems.
Likely Case
A malicious insider or compromised low-privileged account escalates privileges to access sensitive data or disrupt storage services.
If Mitigated
With strict access controls and monitoring, exploitation is detected and contained before significant damage occurs.
🎯 Exploit Status
Exploitation requires local access with low privileges. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.5.0.1 and later
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security
Restart Required: Yes
Instructions:
1. Review Dell advisory 000211539.
2. Apply the OneFS update to version 9.5.0.1 or later.
3. Reboot the PowerScale cluster as required by the update process.
🔧 Temporary Workarounds
Restrict Local Access
- Limit local shell access to trusted administrators only, to reduce the attack surface.
- Review and tighten SSH/console access controls.
- Implement strict user account management.
🧯 If You Can't Patch
- Implement strict least-privilege access controls and monitor for suspicious local activity.
- Segment PowerScale systems from general user networks and restrict access to administrative interfaces only.
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version via the CLI ('isi version') or the web UI. If the version is between 8.2.x and 9.5.0.x inclusive, the system is vulnerable.
Check Version:
isi version
Verify Fix Applied:
After patching, verify that the version reported by 'isi version' is 9.5.0.1 or later.
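A small version-range check for the 'isi version' output described above, added here as an example and not part of the original advisory. It assumes the banner contains a dotted version such as 'v9.5.0.0' (the real banner format may differ), and it reads the "9.5.0.x" upper bound as every build below the fixed release 9.5.0.1, with 8.2.0.0 as the lower bound.

```python
import re

# Affected range from the advisory: OneFS 8.2.x through 9.5.0.x, fixed in 9.5.0.1.
# Assumption: "9.5.0.x" means every build below the fixed release 9.5.0.1.
AFFECTED_FROM = (8, 2, 0, 0)
FIXED_IN = (9, 5, 0, 1)

# Matches the first dotted version with 2 to 4 components, with or without a leading "v".
_VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+){1,3})\b")


def parse_onefs_version(text: str) -> tuple:
    """Extract the first dotted version from text (e.g. the 'isi version' output)
    and normalise it to a 4-tuple so that '9.5.0' compares equal to '9.5.0.0'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no OneFS version found in: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4])


def is_vulnerable(text: str) -> bool:
    """True when the parsed version falls inside [8.2.0.0, 9.5.0.1)."""
    version = parse_onefs_version(text)
    return AFFECTED_FROM <= version < FIXED_IN


def assess(text: str) -> str:
    """Human-readable verdict for one 'isi version' banner."""
    version = ".".join(str(p) for p in parse_onefs_version(text))
    if is_vulnerable(text):
        return f"OneFS {version}: affected by CVE-2023-25941, upgrade to 9.5.0.1 or later"
    return f"OneFS {version}: not in the affected range"


if __name__ == "__main__":
    # Constructed sample banners; the real 'isi version' output may look different.
    for sample in ("Isilon OneFS v9.4.0.0 B_9_4_0_0 ...", "Isilon OneFS v9.5.0.1 ..."):
        print(assess(sample))
```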
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events in system logs
- Unexpected user account modifications
- Failed compliance mode checks
Network Indicators:
- Unusual administrative access patterns to PowerScale management interfaces
SIEM Query:
Search for events where low-privileged users gain root/admin access on PowerScale systems.