
PowerScale OneFS CVE-2024-53298

EUVD-2024-54692 CRITICAL
Missing Authorization (CWE-862)
2025-06-20 security_alert@emc.com
9.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2024-54692
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
CVE Published
Jun 20, 2025 - 14:15 nvd
CRITICAL 9.8

Description (CVE.org)

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends that customers upgrade at the earliest opportunity.

Analysis (AI)

CVE-2024-53298 is a critical missing authorization vulnerability in the NFS export functionality of Dell PowerScale OneFS that allows unauthenticated remote attackers to gain unauthorized filesystem access. Affected versions range from 9.5.0.0 through 9.10.0.1, and successful exploitation enables arbitrary file read, modification, and deletion, leading to complete system compromise. With a CVSS score of 9.8 and a network-based attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to unpatched Dell PowerScale deployments; KEV status and active exploitation details require vendor advisory verification.

Technical Context (AI)

The vulnerability exists in the NFS (Network File System) export functionality of Dell PowerScale OneFS, a unified storage operating system. The root cause is classified as CWE-862 (Missing Authorization), indicating that the NFS export mechanism fails to properly validate user authentication and authorization before granting filesystem access. NFS is a stateless protocol operating at OSI layer 7 (application layer, typically over UDP/TCP port 2049), and the missing authorization check allows unauthenticated clients to mount and access exported filesystems that should require proper Kerberos, user/group mapping, or other authentication mechanisms. The affected product CPE would be cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:* with version constraints 9.5.0.0 ≤ version ≤ 9.10.0.1. This represents a fundamental flaw in the NFS export ACL/permission enforcement layer, not a crypto or protocol-level issue.

Remediation (AI)

Immediate actions:

(1) Apply Dell security patches for PowerScale OneFS; consult the Dell Security Advisory for the specific patch versions addressing CVE-2024-53298 (expected to be released in maintenance updates following 9.10.0.1).
(2) Upgrade to PowerScale OneFS 9.11.0.0 or later if available and tested in your environment.
(3) As an interim mitigation, restrict NFS export access via firewall rules to trusted subnets only, and disable NFS exports if not required.
(4) Implement network segmentation to isolate PowerScale storage from untrusted networks.
(5) Review NFS export configurations and apply restrictive export ACLs (no_root_squash, security models).
(6) Monitor NFS access logs for unauthorized mount attempts.

Contact Dell support for the patch availability timeline and validation in your specific deployment (physical cluster vs. software OneFS). Testing patches in non-production environments before production deployment is strongly recommended.
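An added example (not code from vuln.today, Dell or OneFS) that turns two of the steps above into something runnable: an exposure check against the advisory's affected range (9.5.0.0 through 9.10.0.1), and a triage pass over NFS mount log lines that flags requests from outside the trusted subnets of step (3). The log format and the `mountd` lines are constructed for the example and are not OneFS's real log format; the version-range and subnet logic are what matter.

```python
import ipaddress
import re

# Affected range as stated in the advisory text: 9.5.0.0 <= version <= 9.10.0.1
AFFECTED_MIN = (9, 5, 0, 0)
AFFECTED_MAX = (9, 10, 0, 1)


def parse_onefs_version(ver: str) -> tuple:
    """Turn a dotted OneFS version string such as '9.10.0.1' into a comparable tuple.

    Comparing as tuples avoids the classic string-compare bug where
    '9.10.0.1' < '9.5.0.0' because '1' sorts before '5'.
    """
    parts = ver.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised OneFS version string: {ver!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))  # pad short strings like '9.10' to four fields


def is_affected(ver: str) -> bool:
    """True when the cluster version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_onefs_version(ver) <= AFFECTED_MAX


# Constructed, syslog-style mount audit lines (hypothetical format, not OneFS's own).
SAMPLE_LOG = """\
Jun 21 03:14:07 isi-node1 mountd[1234]: authenticated mount request from 10.20.1.15:812 for /ifs/data
Jun 21 03:14:09 isi-node1 mountd[1234]: authenticated mount request from 198.51.100.7:1022 for /ifs/home
Jun 21 03:15:42 isi-node1 mountd[1234]: refused mount request from 203.0.113.9:700 for /ifs/data
"""
MOUNT_RE = re.compile(r"mount request from (?P<ip>[\d.]+):\d+ for (?P<path>\S+)")


def untrusted_mounts(log_text: str, trusted_cidrs) -> list:
    """Return (ip, path) pairs for mount requests originating outside the trusted subnets."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in log_text.splitlines():
        m = MOUNT_RE.search(line)
        if not m:
            continue  # not a mount request line
        ip = ipaddress.ip_address(m.group("ip"))
        if not any(ip in n for n in nets):
            hits.append((str(ip), m.group("path")))
    return hits


if __name__ == "__main__":
    for v in ("9.4.0.0", "9.5.0.0", "9.10.0.1", "9.10.1.0"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(untrusted_mounts(SAMPLE_LOG, ["10.20.0.0/16"]))  # the two non-10.20.x.x sources
```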

CVE-2025-27690 CRITICAL
9.8 Apr 10

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critic

CVE-2026-22278 HIGH
8.1 Jan 22

Powerscale Onefs versions up to 9.13.0.0 is affected by improper restriction of excessive authentication attempts (CVSS

CVE-2025-26330 HIGH
7.0 Apr 10

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. Rated high

CVE-2026-21424 MEDIUM
6.7 Mar 04

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

CVE-2026-21421 MEDIUM
6.7 Mar 04

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

CVE-2026-21426 MEDIUM
6.7 Mar 04

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

CVE-2026-22270 MEDIUM
6.7 Mar 04

Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 contain an uncontrolled search path vulnera

CVE-2025-43722 MEDIUM
6.7 Sep 08

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. Rated medium

CVE-2026-21423 MEDIUM
6.7 Mar 04

Incorrect default file permissions in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 allow

CVE-2026-21425 MEDIUM
6.7 Mar 04

Privilege escalation in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 stems from incorrec

CVE-2025-22471 MEDIUM
6.5 Apr 10

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. Rate

CVE-2025-30102 MEDIUM
5.5 May 08

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. Rated medium se


CVE-2024-53298 vulnerability details – vuln.today
