Critical Vulnerability Discovered in Dell PowerScale Storage Systems – Update Your Software Now

CVE: CVE-2023-22572
CVSS (v3.1): 7.8
Source: CVE-2023-22572

Researchers have discovered a vulnerability in the Dell PowerScale OneFS storage operating system that could allow a local attacker to gain complete control over affected systems.

The vulnerability exists in the change password API of OneFS versions 9.1.0.x through 9.4.0.x. By exploiting this flaw, a low-privileged attacker with access to the system could cause sensitive information such as passwords or authentication tokens to be inserted into log files. This would then allow them to escalate their privileges and take over the entire storage system.

Dell PowerScale, previously known as Dell EMC Isilon, is network-attached storage hardware and software used by many businesses worldwide to store and manage large volumes of unstructured data such as videos, images and backups. A compromise of a PowerScale cluster could impact the confidentiality, integrity and availability of critical business data.

The security researchers have rated the severity of this vulnerability as 7.8 out of 10. All Dell PowerScale users are strongly advised to update immediately to the latest version of OneFS to patch this vulnerability. Administrators should also carefully review logs for any unauthorized access attempts. Enabling multi-factor authentication for administrative access is another step that can mitigate the risk from this issue.
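As an added defender-side example (not Dell's code and not part of the original article), the Python script below checks whether an OneFS version string falls inside the affected 9.1.0.x through 9.4.0.x range and scans log lines for password-change entries that carry credential values, returning redacted copies for review. The log format, the field names and the sample log lines are constructed assumptions, since the article does not show OneFS's real log layout or API paths.

```python
"""Added defender-side example (not Dell's code, not from the article):
is_affected() tests an OneFS version against the 9.1.0.x - 9.4.0.x range the
advisory names; find_leaked_secrets() scans log lines for password-change
entries that carry credential values and returns redacted copies for review.
The log format, field names and SAMPLE_LOG are CONSTRUCTED assumptions; the
article does not show OneFS's real log layout or API paths."""
import re

AFFECTED_MIN = (9, 1, 0)  # 9.1.0.x, from the advisory
AFFECTED_MAX = (9, 4, 0)  # 9.4.0.x, from the advisory

def parse_version(version: str) -> tuple:
    """'9.4.0.12' -> (9, 4, 0, 12); non-numeric text is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_affected(version: str) -> bool:
    """True when the major.minor.patch part lies within the affected range."""
    v = parse_version(version)[:3]
    return len(v) == 3 and AFFECTED_MIN <= v <= AFFECTED_MAX

# Constructed: a password-change event marker and credential-bearing fields.
PASSWORD_CHANGE = re.compile(r"(?i)change[_ ]?password")
SECRET_FIELD = re.compile(
    r"(?i)\b(password|new_password|old_password|token|authorization)\b"
    r"(\s*[=:]\s*)(\S+)"
)

def find_leaked_secrets(lines):
    """Return [(line_no, redacted_line)] for password-change entries that also
    log a credential value; the value becomes [REDACTED] so the finding does
    not re-leak the secret."""
    findings = []
    for n, line in enumerate(lines, 1):
        if PASSWORD_CHANGE.search(line) and SECRET_FIELD.search(line):
            findings.append((n, SECRET_FIELD.sub(r"\1\2[REDACTED]", line)))
    return findings

SAMPLE_LOG = [  # constructed lines, not real OneFS output
    "2023-02-01T10:00:01 papi[1234]: change_password user=alice status=200",
    "2023-02-01T10:00:02 papi[1234]: change_password user=bob new_password=Hunter2! status=200",
    "2023-02-01T10:00:03 papi[1234]: GET /cluster/config status=200",
    "2023-02-01T10:00:04 papi[1234]: change_password user=carol token=eyJhbGciOi status=401",
]

if __name__ == "__main__":
    print("9.4.0.12 affected:", is_affected("9.4.0.12"))
    for line_no, entry in find_leaked_secrets(SAMPLE_LOG):
        print(f"line {line_no}: {entry}")
```

Note that the word boundary in SECRET_FIELD keeps the "password" inside the constructed "change_password" event name from being flagged on its own; only entries that also carry a value after a credential field are reported.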

By taking prompt action to update OneFS, PowerScale customers can protect their critical business data and infrastructure from this security risk. Staying vigilant about software updates is key to maintaining good cyber hygiene.
