Summary: Dell has issued a security advisory for vulnerabilities in PowerScale OneFS, a network-attached storage OS, which could allow attackers to compromise systems. Key vulnerabilities include high-risk issues that could lead to unauthorized access and denial of service. Dell advises users to upgrade to the latest version, 9.10.1.1, or apply specific patches to mitigate risks.
Affected: Dell PowerScale OneFS
Key points:
- CVE-2025-27690: Default password vulnerability allowing account takeover (CVSS 9.8).
- CVE-2025-26330: Incorrect authorization vulnerability allowing access to disabled accounts (CVSS 7.0).
- CVE-2025-22471: Integer overflow leading to denial of service (CVSS 6.5).
- CVE-2025-26480: Uncontrolled resource consumption causing denial of service (CVSS 5.3).
- CVE-2025-23378: Directory listing vulnerability disclosing sensitive information (CVSS 3.3).
- CVE-2025-26479: Out-of-bounds write affecting data integrity (CVSS 3.1).
- Workarounds provided until patches are applied include account restrictions and access limitations.
Source: https://securityonline.info/dell-addresses-security-vulnerabilities-in-powerscale-onefs/