CVE-2024-32852

5.9 MEDIUM

📋 TL;DR

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 use a broken or risky cryptographic algorithm. An unprivileged network attacker could potentially exploit this weakness to cause a data leak. Any Dell PowerScale storage system running an affected OneFS version is exposed.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 8.2.2.x through 9.7.0.0
Operating Systems: OneFS (PowerScale's proprietary OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Every system running an affected OneFS version is vulnerable by default for as long as the weak cryptographic algorithms remain in use.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Sensitive data stored on PowerScale systems could be decrypted or intercepted by attackers, leading to data breaches, compliance violations, and reputational damage.

🟠 Likely Case: Attackers could decrypt weakly encrypted data or perform man-in-the-middle attacks to intercept data in transit to or from PowerScale systems.

🟢 If Mitigated: With proper network segmentation and access controls, the attack surface is reduced, limiting potential data exposure to segmented network zones.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to vulnerable systems and knowledge of the weak cryptographic implementation details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OneFS 9.7.0.1 and later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2024-255.
2. Download and apply the OneFS update to version 9.7.0.1 or later.
3. Reboot the PowerScale cluster as required by the update process.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict network access to PowerScale systems to only trusted networks and required services.

Encryption Configuration Review (platform: linux)

Audit and disable use of weak cryptographic algorithms in OneFS configuration where possible.

🧯 If You Can't Patch

  • Implement strict network access controls and firewall rules to limit exposure to PowerScale systems.
  • Monitor for unusual network traffic patterns or decryption attempts targeting PowerScale systems.

🔍 How to Verify

Check if Vulnerable:

Check the OneFS version with the CLI command 'isi version'. If the reported version is between 8.2.2.x and 9.7.0.0 inclusive, the system is vulnerable.

Check Version:

isi version

Verify Fix Applied:

After patching, verify that the OneFS version is 9.7.0.1 or later using the 'isi version' command.
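The two version checks above (affected range 8.2.2.x through 9.7.0.0, fixed from 9.7.0.1) are easy to get wrong with string comparison, so here is a small added example that does the comparison on numeric fields. It is not Dell tooling and does not assume any particular output format for 'isi version'; it takes a dotted version string you have already extracted, and the sample inputs are constructed.

```python
"""Classify a Dell PowerScale OneFS version against the CVE-2024-32852 range.

Added example, not Dell code. Assumes you pass it the dotted version
string reported by 'isi version' (exact output layout not assumed).
"""
from __future__ import annotations

import re

# Range taken from the advisory text: 8.2.2.x through 9.7.0.0 inclusive.
AFFECTED_LOW = (8, 2, 2, 0)      # lowest 8.2.2.x build
AFFECTED_HIGH = (9, 7, 0, 0)
FIXED_VERSION = (9, 7, 0, 1)     # first version stated as patched


def parse_version(text: str) -> tuple[int, ...]:
    """Pull the first dotted numeric version out of text, padded to 4 fields.

    Numeric tuples compare field by field, so 9.10.0.0 > 9.7.0.0 as it
    should; a plain string compare would get that backwards.
    """
    m = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"no dotted version found in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_LOW <= parse_version(version) <= AFFECTED_HIGH


def is_fixed(version: str) -> bool:
    """True when the version is at or beyond the first patched release."""
    return parse_version(version) >= FIXED_VERSION


def assess(version: str) -> str:
    """Human-readable verdict for one cluster's reported version."""
    v = parse_version(version)
    if v < AFFECTED_LOW:
        return "older than the affected range (confirm support status with Dell)"
    if v <= AFFECTED_HIGH:
        return "VULNERABLE: apply OneFS 9.7.0.1 or later"
    return "not in the affected range (9.7.0.1 or later)"


if __name__ == "__main__":
    # Constructed sample version strings, not captured 'isi version' output.
    for sample in ("9.5.0.8", "9.7.0.0", "9.7.0.1", "8.2.2.0", "8.2.1.3"):
        print(f"{sample:>8} -> {assess(sample)}")
```

Run it over the version string from each cluster after the update to confirm the reported version is at or past 9.7.0.1; the padding in parse_version means a short string such as "9.7" is treated as 9.7.0.0 and still flagged.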

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication failures, unexpected cryptographic algorithm usage in logs

Network Indicators:

  • Suspicious network traffic to PowerScale management or data ports, especially from untrusted sources

SIEM Query:

source="powerscale" AND (event_type="crypto_error" OR algorithm="weak_crypto")
