CVE-2024-25960
📋 TL;DR
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x transmit sensitive information in cleartext, allowing a local low-privileged attacker to intercept this data and potentially escalate privileges. This affects Dell PowerScale storage systems running vulnerable OneFS versions.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains administrative privileges on the PowerScale cluster, enabling complete system compromise, data theft, or destruction.
Likely Case
Local attacker elevates privileges to access restricted data or perform unauthorized administrative actions within the OneFS environment.
If Mitigated
With proper network segmentation and access controls, impact is limited to the local system where the attacker already has low-privileged access.
🎯 Exploit Status
Exploitation requires local access and ability to intercept cleartext transmissions. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to OneFS version 9.7.0.1 or later as specified in DSA-2024-115
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Review the DSA-2024-115 advisory.
2. Download the appropriate OneFS update from Dell Support.
3. Apply the update following Dell's PowerScale update procedures.
4. Reboot the system as required.
🔧 Temporary Workarounds
Restrict Local Access
Limit local console and SSH access to PowerScale systems to authorized administrators only.
# Disable OneFS accounts that do not need local access:
isi auth users modify <username> --enabled false
# Review and restrict SSH access in /etc/ssh/sshd_config
Network Segmentation
Isolate PowerScale management interfaces from general user networks to reduce the attack surface.
# Configure firewall rules to restrict access to PowerScale management IPs
🧯 If You Can't Patch
- Implement strict access controls to limit who has local access to PowerScale systems.
- Monitor system logs for unusual local authentication or privilege escalation attempts.
🔍 How to Verify
Check if Vulnerable:
Run ssh admin@powerscale 'isi version' and check whether the reported OneFS version falls between 8.2.2.x and 9.7.0.x.
Check Version:
ssh admin@powerscale 'isi version'
Verify Fix Applied:
After the update, run ssh admin@powerscale 'isi version' again and confirm that the reported version is 9.7.0.1 or later.
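The version check above is easy to get wrong by hand (string comparison puts "9.10" before "9.7", for example), so here is an added helper that parses an `isi version` banner and classifies it against the bounds stated on this page: vulnerable from 8.2.2.x up to the fixed build 9.7.0.1, fixed at 9.7.0.1 or later. This is example code written for this page, not Dell's tooling; the banner format of `isi version`, the hostname `powerscale` and the sample outputs are all assumptions, and the parser only relies on the first dotted version number it finds.

```python
import re
import subprocess
import sys
from typing import Optional, Tuple

# Bounds taken from this page's advisory text: vulnerable 8.2.2.x through
# 9.7.0.x, fixed in 9.7.0.1 or later. Tuples compare numerically, which
# avoids the "9.10" < "9.7" trap of plain string comparison.
VULN_LOWER = (8, 2, 2, 0)
FIXED_FROM = (9, 7, 0, 1)

# Constructed sample banners (assumed format; the real `isi version` output
# may carry extra fields, which is why only the first dotted version is read).
SAMPLE_VULNERABLE = "Isilon OneFS v9.5.0.3 B_9_5_0_003(RELEASE)"
SAMPLE_FIXED = "Isilon OneFS v9.7.0.1 B_9_7_0_001(RELEASE)"
SAMPLE_OLD = "Isilon OneFS v8.1.2.0 B_8_1_2_000(RELEASE)"

# Optional leading "v", three mandatory components, optional fourth.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_onefs_version(banner: str) -> Optional[Tuple[int, int, int, int]]:
    """Return the first dotted version in the banner as a 4-tuple of ints.

    A missing fourth component is treated as 0 (9.7.0 -> 9.7.0.0).
    Returns None when no version can be found.
    """
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, patch, build = match.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def assess(banner: str) -> str:
    """Classify a banner as 'vulnerable', 'fixed', 'below-advisory-range'
    or 'unknown' relative to the bounds stated in this advisory."""
    version = parse_onefs_version(banner)
    if version is None:
        return "unknown"
    if version < VULN_LOWER:
        # Older than 8.2.2.x: not listed in the advisory; treat as needing
        # separate review rather than as confirmed safe.
        return "below-advisory-range"
    if version >= FIXED_FROM:
        return "fixed"
    return "vulnerable"


def assess_host(host: str) -> str:
    """Fetch the banner over SSH and classify it (hostname is an assumption)."""
    result = subprocess.run(
        ["ssh", host, "isi version"], capture_output=True, text=True, check=True
    )
    return assess(result.stdout)


if __name__ == "__main__":
    # Usage: python check_onefs.py admin@powerscale
    target = sys.argv[1] if len(sys.argv) > 1 else "admin@powerscale"
    print(f"{target}: {assess_host(target)}")
```

Run it against a cluster with `python check_onefs.py admin@powerscale`; an exit status of "vulnerable" means the version sits inside the advisory's range and below the fixed build, and "below-advisory-range" flags releases the advisory does not cover rather than treating them as safe.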
📡 Detection & Monitoring
Log Indicators:
- Unusual local authentication events
- Privilege escalation attempts in system logs
- Cleartext sensitive data transmission in network captures
Network Indicators:
- Cleartext transmission of authentication or sensitive data on local interfaces
SIEM Query:
source="powerscale" AND (event_type="authentication" OR event_type="privilege") AND result="failure"