CVE-2024-25965
📋 TL;DR
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain a path traversal vulnerability. An attacker who already holds high local privileges and can control the file names or paths that a vulnerable component operates on could use it to cause a denial of service by manipulating system files; a malicious insider or a compromised administrative account is the realistic attacker. Only Dell PowerScale OneFS storage systems running affected versions are impacted.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
A local high-privilege attacker could manipulate critical system files, causing complete system unavailability or data corruption requiring restoration from backups.
Likely Case
A compromised administrative account could disrupt specific services or file access, causing partial denial of service until manual intervention.
If Mitigated
With proper access controls and monitoring, impact would be limited to isolated incidents quickly detected and contained.
🎯 Exploit Status
Exploitation requires local high-privilege access, which limits the attacker population to insiders and already-compromised administrative accounts rather than remote, unauthenticated users. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.7.0.3 and later
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000224860/dsa-2024-163-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell advisory DSA-2024-163.
2. Download the appropriate OneFS update from Dell Support.
3. Apply the update following Dell's documented upgrade procedures.
4. Reboot the system as required by the update process.
🔧 Temporary Workarounds
Restrict Administrative Access
Limit local administrative access to essential personnel only and enforce role-based access controls. The default access zone in OneFS is named System:

```sh
# Review and audit administrative accounts in the System zone
isi auth users list --zone=System
# Review which roles exist and who holds the built-in SystemAdmin role
isi auth roles list
isi auth roles view SystemAdmin
```
🧯 If You Can't Patch
- Implement strict least-privilege access controls for all administrative accounts
- Enable comprehensive auditing and monitoring of file system operations by privileged users
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version: SSH to a PowerScale node and run 'isi version' (or 'uname -a', which also reports the OneFS release). If the version is between 8.2.x and 9.7.0.2 inclusive, the system is vulnerable.
Check Version:
isi version
Verify Fix Applied:
After patching, verify version is 9.7.0.3 or later using 'isi version' command.
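Comparing a four-part OneFS version against the affected range by eye is error-prone (9.7.0.2 is affected, 9.7.0.3 is not, 9.10.x sorts after 9.7.x numerically but not lexically). The following is an added example, not Dell's code or tooling: a POSIX sh helper that parses the version token out of `isi version` output and reports whether it falls inside 8.2.x through 9.7.0.2. The exact output format of `isi version` is an assumption here; the parser only relies on a `v<major>.<minor>.<patch>[.<mr>]` token being present, and the sample output below is constructed.

```sh
#!/bin/sh
# Added example: check whether a OneFS version is in the range the advisory
# lists (8.2.x through 9.7.0.2 inclusive). Not part of Dell's tooling.

# Compare two dotted version strings numerically, field by field.
# Missing trailing fields count as 0, so "8.2" == "8.2.0.0".
# Prints -1, 0 or 1.
vercmp() {
  a="$1"; b="$2"; i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
    y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
    [ -z "$x" ] && [ -z "$y" ] && { echo 0; return; }
    [ "$i" -gt 8 ] && { echo 0; return; }   # guard against runaway input
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then echo -1; return; fi
    if [ "$x" -gt "$y" ]; then echo 1; return; fi
    i=$((i + 1))
  done
}

# Exit 0 if the version is within the affected range, 1 otherwise.
onefs_vulnerable() {
  v="$1"
  [ "$(vercmp "$v" 8.2.0)" -ge 0 ] && [ "$(vercmp "$v" 9.7.0.2)" -le 0 ]
}

# Pull the version token out of `isi version` output.
# ASSUMPTION: the output contains a token like "v9.5.0.8"; adjust the
# pattern if your release prints it differently.
parse_isi_version() {
  printf '%s\n' "$1" | sed -n 's/.*v\([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# Constructed sample output (not captured from a real node):
SAMPLE='Isilon OneFS v9.5.0.8 B_9_5_0_8_001(RELEASE)'
ver=$(parse_isi_version "$SAMPLE")
if onefs_vulnerable "$ver"; then
  echo "$ver: affected, upgrade to 9.7.0.3 or later"
else
  echo "$ver: not in the affected range"
fi
```

On a node you would feed the real command instead of the sample: `onefs_vulnerable "$(parse_isi_version "$(isi version)")" && echo affected`. The same check, run after the upgrade, confirms the fix: a version of 9.7.0.3 or later makes `onefs_vulnerable` return non-zero.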
📡 Detection & Monitoring
Log Indicators:
- Unusual file path manipulation by privileged accounts
- Unexpected system service failures following administrative actions
- Audit logs showing abnormal file operations from administrative sessions
Network Indicators:
- No network-based indicators as this is a local vulnerability
SIEM Query (illustrative pseudo-syntax; map the field names to your SIEM and to the fields your OneFS audit export actually carries):
source="powerscale_audit" AND (event_type="file_operation" AND user_role="admin" AND file_path CONTAINS "../")
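A literal `CONTAINS "../"` match misses the encoded and edge-of-path forms a traversal payload usually takes (`%2e%2e/`, a trailing `/..`) and fires on ordinary users who are not in scope for this CVE. The following is an added example, not part of the advisory or of Dell's audit tooling: a sh/awk filter that applies the query's intent to a handful of constructed audit-style lines, decoding percent-encoded dots and slashes before matching and keeping only events from privileged roles. The `user=`/`role=`/`path=` key-value format is invented for the example; real OneFS audit events are structured differently, so the field extraction must be adapted to your export.

```sh
#!/bin/sh
# Added example: flag privileged-role file operations whose path contains a
# traversal segment. Log format below is constructed, not OneFS's native one.

# Constructed sample audit lines (not from a real cluster):
LOGS='2024-05-01T10:00:01Z user=admin role=SystemAdmin op=rename path=/ifs/data/report.txt
2024-05-01T10:00:05Z user=svc_backup role=BackupAdmin op=write path=/ifs/data/../../etc/motd
2024-05-01T10:00:09Z user=alice role=none op=read path=/ifs/home/alice/../bob/secret
2024-05-01T10:00:12Z user=admin role=SystemAdmin op=write path=/ifs/%2e%2e/%2e%2e/etc/hosts'

# Print every line where a privileged role (anything other than "none")
# supplied a path containing "..", after decoding %2e/%2f so that encoded
# traversal is caught as well as the literal form.
flag_traversal() {
  printf '%s\n' "$1" | awk '
    {
      role = ""; path = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^role=/) role = substr($i, 6)
        if ($i ~ /^path=/) path = substr($i, 6)
      }
      p = tolower(path)
      gsub(/%2e/, ".", p)
      gsub(/%2f/, "/", p)
      # match ".." as a whole path component: "/../", "/.." at end, or leading "../"
      if (role != "none" && p ~ /(^|\/)\.\.(\/|$)/) print
    }'
}

flag_traversal "$LOGS"
```

Run against the sample, the filter reports the svc_backup write to `/ifs/data/../../etc/motd` and the encoded admin write to `/ifs/%2e%2e/%2e%2e/etc/hosts`, and ignores both the clean rename and alice's unprivileged read. Tune the role test to the roles that actually carry high privileges in your cluster rather than relying on the constructed `none` sentinel.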