Critical Privilege Escalation Vulnerability Patched in Dell PowerScale Storage Software

CVE: CVE-2023-32457
CVSS (cvssV3_1): 7.5
Source: CVE-2023-32457

Dell PowerScale, formerly known as Dell EMC Isilon, is a popular scale-out network-attached storage product used by many large organizations worldwide. A recent security audit discovered a privilege escalation vulnerability in versions 8.2.2.x through 9.5.0.x of the PowerScale OneFS operating system.

The vulnerability allows a low-privileged attacker who already has limited access to the system to elevate their privileges to a higher level. The attacker could then access and modify sensitive files they were not previously authorized to see. The CVSS score from NIST rates the severity of this vulnerability as high, at 7.5.

Dell has released updates to address this issue in newer versions of OneFS. Administrators of PowerScale clusters are advised to immediately apply the latest firmware updates to patch the vulnerability. Regular audits of permissions and access controls are also recommended to prevent unintended escalation of privileges. User accounts should have only the minimum access required for their job functions.

Prompt patching of known issues is important to maintain security. Organizations using Dell PowerScale should verify they are on a supported version of OneFS to prevent potential exploitation of this critical privilege escalation vulnerability.
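To check a fleet against the affected range given above (OneFS 8.2.2.x through 9.5.0.x), the following added example, which is not Dell's code, classifies reported version strings. The cluster names and version strings in the sample inventory are constructed, and the input format (a free-text string containing a dotted version) is an assumption.

```python
import re

# Affected range as stated on this page: OneFS 8.2.2.x through 9.5.0.x.
AFFECTED_MIN = (8, 2, 2)
AFFECTED_MAX = (9, 5, 0)

# Matches a 3- or 4-part dotted version, optionally prefixed with "v",
# and rejects longer dotted runs such as "1.2.3.4.5".
_VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?![\d.])")


def parse_onefs_version(text):
    """Return (major, minor, maint, patch_or_None), or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) if g is not None else None for g in m.groups())


def classify(text):
    """Classify one reported version against the affected range."""
    v = parse_onefs_version(text)
    if v is None:
        return "unknown"  # treat as needing manual review, not as safe
    # The range is expressed on the first three components; the fourth (.x)
    # is ignored because the page does not list which builds carry the fix.
    if AFFECTED_MIN <= v[:3] <= AFFECTED_MAX:
        return "in-affected-range"
    return "outside-range"


def audit(inventory):
    """Map each cluster name to its classification."""
    return {name: classify(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical cluster names and versions).
SAMPLE = {
    "cluster-a": "8.2.2.0",
    "cluster-b": "OneFS v9.4.0.12",
    "cluster-c": "9.5.0.3",
    "cluster-d": "9.7.0.0",
    "cluster-e": "n/a",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:10} {SAMPLE[name]:18} {status}")
```

A result of `in-affected-range` means the build must be compared against the fixed releases in Dell's advisory, and `outside-range` only means the version is not in the range this page lists.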
