CVE-2023-43087
📋 TL;DR
Dell PowerScale OneFS versions 8.2.x through 9.5.0.x contain an improper permission handling vulnerability that allows low-privileged remote attackers to access information they shouldn't be able to see. This affects organizations using Dell PowerScale storage systems with these specific OneFS versions. The vulnerability enables unauthorized information disclosure through insufficient permission checks.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Sensitive configuration data, system information, or potentially user data could be exposed to unauthorized low-privileged users, leading to data breach or reconnaissance for further attacks.
Likely Case
Low-privileged users gain access to system information, configuration details, or metadata they shouldn't see, potentially enabling further privilege escalation or information gathering.
If Mitigated
With proper network segmentation and access controls, impact is limited to authorized users within the storage network, reducing exposure of sensitive data.
🎯 Exploit Status
Exploitation requires low-privileged credentials but is likely straightforward once authenticated. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to OneFS 9.5.0.2 or later as specified in Dell advisory
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000218934/powerscale-onefs-security-updates-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell advisory 000218934.
2. Download the appropriate OneFS update from Dell support.
3. Apply the update following Dell's PowerScale update procedures.
4. Reboot the system as required by the update process.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to PowerScale management interfaces to authorized administrative networks only
Configure firewall rules to limit access to PowerScale management IPs/ports
Access Control Tightening
Review and minimize the low-privileged user accounts that have access to PowerScale systems
Review user accounts via OneFS CLI: 'isi auth users list'
Remove unnecessary accounts: 'isi auth users delete <username>'
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PowerScale management interfaces from general user networks
- Audit and reduce low-privileged user accounts with PowerScale access, implement principle of least privilege
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version via the CLI ('isi version') or the web UI. If the version is in the range 8.2.x through 9.5.0.x and below 9.5.0.2, the system is vulnerable.
Check Version:
isi version
Verify Fix Applied:
After patching, verify that the version is 9.5.0.2 or later using the 'isi version' command. Test with a low-privileged account to confirm that the information disclosure is prevented.
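As an added example (not from the page or from Dell), the version check above as a small script: it parses the version string out of 'isi version' output and compares it against the affected range stated in this advisory summary (8.2.x through 9.5.0.x, fixed at 9.5.0.2 and later). The sample output line is constructed, and the exact format of 'isi version' is an assumption; the parser only relies on a dotted version number appearing somewhere in the text.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected range taken from the advisory summary on this page:
# OneFS 8.2.x through 9.5.0.x, with 9.5.0.2 and later carrying the fix.
AFFECTED_FROM = (8, 2)
FIXED_AT = (9, 5, 0, 2)

# Matches a dotted version such as 9.5.0.1 (optionally prefixed with 'v').
VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+){1,3})\b")

# Constructed sample line; the real 'isi version' layout may differ.
SAMPLE_OUTPUT = "Isilon OneFS v9.5.0.1 B_9_5_0_1(RELEASE): constructed sample"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the first dotted version in `text` as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v: Tuple[int, ...], width: int = 4) -> Tuple[int, ...]:
    """Right-pad a version tuple with zeros so 9.5 compares like 9.5.0.0."""
    return tuple(v) + (0,) * (width - len(v))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when version >= 8.2 and version < 9.5.0.2 (the page's affected range)."""
    return _pad(AFFECTED_FROM) <= _pad(version) < FIXED_AT


def classify(output: str) -> str:
    """Map raw 'isi version' output to 'vulnerable', 'not affected' or 'unknown'."""
    version = parse_version(output)
    if version is None:
        return "unknown"
    return "vulnerable" if is_affected(version) else "not affected"


if __name__ == "__main__":
    # Runs the real command on a OneFS node; falls back to the sample elsewhere.
    try:
        out = subprocess.run(["isi", "version"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = SAMPLE_OUTPUT
    print(out.strip(), "->", classify(out))
```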
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns from low-privileged accounts to sensitive endpoints
- Multiple failed permission checks followed by successful access
Network Indicators:
- Increased traffic from non-admin networks to PowerScale management ports
- Unusual data retrieval patterns from low-privileged IPs
SIEM Query:
source="powerscale" AND (event_type="access_denied" OR event_type="permission_failure") AND user_privilege="low" AND result="success"