CVE-2024-25954
📋 TL;DR
Dell PowerScale OneFS versions 9.5.0.x through 9.7.0.x have an insufficient session expiration vulnerability that allows remote unauthenticated attackers to cause denial of service. This affects all systems running these versions of Dell's scale-out NAS storage software.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability through sustained DoS attacks, disrupting storage services for all connected clients and applications.
Likely Case
Service degradation or intermittent outages affecting storage performance and availability.
If Mitigated
Minimal impact with proper network segmentation and rate limiting in place.
🎯 Exploit Status
Remote unauthenticated access lowers barrier to exploitation, though specific exploit details are not publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions beyond 9.7.0.x (check Dell advisory for specific patched versions)
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell advisory DSA-2024-115.
2. Download the appropriate OneFS update from Dell support.
3. Apply the update following Dell's upgrade procedures.
4. Reboot the system as required.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to PowerScale management interfaces to trusted networks only.
# Configure firewall rules to limit access to PowerScale management ports
# Example: iptables -A INPUT -p tcp --dport <management_port> -s <trusted_network> -j ACCEPT
Rate Limiting
Implement rate limiting on network traffic to PowerScale systems to mitigate DoS attempts.
# Use network appliances or firewall rate limiting rules
# Example rate limiting configuration depends on network equipment
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to untrusted networks
- Monitor system performance and logs for signs of DoS activity and have incident response procedures ready
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version via the CLI ('isi version') or in the web UI under Cluster Management > General Setup.
Check Version:
isi version
Verify Fix Applied:
Verify that the version reported by 'isi version' is beyond 9.7.0.x, and check the Dell advisory for the specific patched versions.
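A POSIX shell check, added here as an example (it is not Dell's code and not part of the OneFS tooling), that parses an 'isi version' output line and reports whether the release falls inside the affected range 9.5.0.x through 9.7.0.x stated above. It assumes 'isi version' prints a line containing "OneFS v<major>.<minor>.<patch>.<build>"; that output format is an assumption to confirm against your own cluster, and the sample line in the script is constructed.

```shell
#!/bin/sh
# Added example (not Dell's code): classify an OneFS version string against the
# affected range 9.5.0.x through 9.7.0.x for CVE-2024-25954.
# Assumption: `isi version` prints a line containing "OneFS v<major>.<minor>.<patch>.<build>".

# Pull the dotted version number out of an `isi version` output line.
extract_onefs_version() {
    printf '%s\n' "$1" | sed -n 's/.*OneFS v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Exit 0 when major.minor.patch lies in 9.5.0 .. 9.7.0 inclusive (affected),
# 1 when it is outside that range, 2 when no version could be parsed.
onefs_is_affected() {
    v=$(extract_onefs_version "$1")
    [ -n "$v" ] || return 2
    # -s makes cut print nothing when a component is missing instead of the whole string.
    major=$(printf '%s' "$v" | cut -s -d. -f1)
    minor=$(printf '%s' "$v" | cut -s -d. -f2)
    patch=$(printf '%s' "$v" | cut -s -d. -f3)
    [ -n "$major" ] || major=$v
    [ -n "$minor" ] || minor=0
    [ -n "$patch" ] || patch=0
    # Pack the three components into one integer so a plain numeric compare works.
    n=$(( major * 1000000 + minor * 1000 + patch ))
    lo=$(( 9 * 1000000 + 5 * 1000 ))   # 9.5.0
    hi=$(( 9 * 1000000 + 7 * 1000 ))   # 9.7.0
    [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]
}

# Report for the live cluster; a line may be passed in so the check can run offline.
report_onefs() {
    line=${1:-$(isi version 2>/dev/null)}
    if onefs_is_affected "$line"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "AFFECTED: OneFS $(extract_onefs_version "$line") is within 9.5.0.x through 9.7.0.x; apply DSA-2024-115" ;;
        1) echo "NOT IN RANGE: OneFS $(extract_onefs_version "$line")" ;;
        *) echo "UNPARSED: no OneFS version found in: $line" ;;
    esac
}

# Constructed sample line (assumed output shape, not captured from a real cluster).
SAMPLE_ISI_VERSION_LINE='Isilon OneFS v9.5.0.0 B_9_5_0_0(RELEASE)'
report_onefs "$SAMPLE_ISI_VERSION_LINE"
```

Run it on the cluster with no argument to read 'isi version' directly; a version such as 9.7.1.x or 9.8.0.x is reported as out of range, which matches the advisory's "beyond 9.7.0.x" wording, but the authoritative list of patched releases is the Dell advisory itself.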
📡 Detection & Monitoring
Log Indicators:
- Unusual session activity patterns
- Multiple failed authentication attempts from single sources
- System performance degradation logs
Network Indicators:
- Abnormal traffic spikes to PowerScale management ports
- Repeated connection attempts from untrusted sources
SIEM Query:
source="powerscale" AND (event_type="session_anomaly" OR error_rate > threshold)
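The network indicators above (traffic spikes and repeated connection attempts against management ports) can be checked outside a SIEM as well. The following script is an added example, not Dell's code and not tied to any SIEM product: it counts hits per source address in firewall logs placed in front of the management interface and flags sources at or above a threshold. The log lines are constructed in a netfilter-style format with SRC= and DPT= fields; the OneFS log format itself is not described on this page, and the port 8080 used in the sample is only the constructed sample's management port, not a value taken from the advisory.

```shell
#!/bin/sh
# Added example (not Dell's or a SIEM vendor's code): flag source addresses that
# repeatedly hit the PowerScale management port, following the network indicators above.
# Input is constructed, netfilter-style firewall log text (SRC=/DPT= fields).

# Constructed sample: a firewall in front of the management interface logging connection
# attempts. 203.0.113.x and 198.51.100.x are RFC 5737 documentation addresses; port 8080
# is an assumed management port for the sample only.
SAMPLE_FW_LOG='2024-03-01T10:00:01Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=8080
2024-03-01T10:00:02Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=8080
2024-03-01T10:00:03Z fw1 kernel: MGMT IN=eth0 SRC=198.51.100.20 DST=198.51.100.10 PROTO=TCP DPT=8080
2024-03-01T10:00:04Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=8080
2024-03-01T10:00:05Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP DPT=22
2024-03-01T10:00:06Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=8080
2024-03-01T10:00:07Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP DPT=22
2024-03-01T10:00:08Z fw1 kernel: MGMT IN=eth0 SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP DPT=8080'

# flag_repeat_sources THRESHOLD [PORT]
# Reads log lines on stdin, counts hits per SRC= (only for DPT=PORT when PORT is given)
# and prints "source count" for every source at or above THRESHOLD, sorted by source.
flag_repeat_sources() {
    threshold=${1:-3}
    port=${2:-}
    awk -v t="$threshold" -v p="$port" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if (substr($i, 1, 4) == "SRC=") src = substr($i, 5)
                if (substr($i, 1, 4) == "DPT=") dpt = substr($i, 5)
            }
            if (src != "" && (p == "" || dpt == p)) n[src]++
        }
        END { for (s in n) if (n[s] >= t) print s, n[s] }
    ' | sort
}

# Demonstration on the constructed sample: sources with 3 or more hits on port 8080.
printf '%s\n' "$SAMPLE_FW_LOG" | flag_repeat_sources 3 8080
```

Feed real logs with something like `tail -n 10000 /var/log/firewall.log | flag_repeat_sources 50 <management_port>` (path and threshold are placeholders to adapt). A production version would also bucket by time window, since the point of the indicator is a burst of connections rather than a lifetime total, and would exclude the trusted networks allowed by the segmentation rules above.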