CVE-2024-53298

CRITICAL

Dell PowerScale OneFS 9.5.0.0-9.10.0.1 - Unauthenticated Arbitrary File Read, Write, and Delete via NFS Export

Title source: llm

Description

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Scores

CVSS v3 9.8

EPSS 0.0070

EPSS Percentile 72.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-862

Status published

Products (1)

dell/powerscale_onefs 9.5.0.0 - 9.10.0.1

Published Jun 20, 2025

Tracked Since Feb 18, 2026