Severity by source: NVD (primary rating; only source for this CVE)
CVSS 3.1 vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.
Analysis (AI)
CVE-2024-53298 is a critical missing authorization vulnerability in the NFS export functionality of Dell PowerScale OneFS that allows unauthenticated remote attackers to gain unauthorized filesystem access. Affected versions range from 9.5.0.0 through 9.10.0.1, and successful exploitation enables arbitrary file read, modification, and deletion, leading to complete system compromise. With a CVSS score of 9.8 and a network-based attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to unpatched Dell PowerScale deployments; KEV status and any details of active exploitation should be verified against the vendor advisory.
Technical Context (AI)
The vulnerability exists in the NFS (Network File System) export functionality of Dell PowerScale OneFS, a unified storage operating system. The root cause is classified as CWE-862 (Missing Authorization): the NFS export mechanism fails to properly validate client authentication and authorization before granting filesystem access. NFS is a stateless, application-layer (OSI layer 7) protocol, typically served over UDP/TCP port 2049, and the missing authorization check allows unauthenticated clients to mount and access exported filesystems that should require Kerberos, user/group mapping, or another authentication mechanism. The affected product CPE would be cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:* with the version constraint 9.5.0.0 ≤ version ≤ 9.10.0.1. This is a fundamental flaw in the NFS export ACL/permission enforcement layer, not a cryptographic or protocol-level issue.
Remediation (AI)
Immediate actions:
(1) Apply Dell security patches for PowerScale OneFS; consult the Dell Security Advisory for the specific patch versions addressing CVE-2024-53298 (expected in maintenance updates following 9.10.0.1).
(2) Upgrade to PowerScale OneFS 9.11.0.0 or later if it is available and has been tested in your environment.
(3) As an interim mitigation, restrict NFS export access via firewall rules to trusted subnets only, and disable NFS exports that are not required.
(4) Implement network segmentation to isolate PowerScale storage from untrusted networks.
(5) Review NFS export configurations and apply restrictive export ACLs (keep root squashing enabled rather than no_root_squash, and require stronger security flavours).
(6) Monitor NFS access logs for unauthorized mount attempts.
Contact Dell support for the patch availability timeline and for validation in your specific deployment (physical cluster vs. software OneFS). Test patches in a non-production environment before deploying to production.
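The interim mitigations above (trusted-subnet restriction, restrictive export ACLs, log monitoring) are easy to state but easy to get wrong in review, so here is an added example that is not Dell's code and not part of the vuln.today record. It audits a simplified export model (path, client list, root-squash flag, security flavours) against a trusted-subnet policy and flags mount attempts from outside those subnets in a constructed, syslog-like log. The export schema, the log format, the subnets and the log lines are all assumptions; OneFS's real export configuration and log formats are not used. Note that no_root_squash is the permissive setting (a remote root keeps root on the export), so the audit reports its presence as a finding.

```python
"""Audit NFS export rules and mount attempts against a trusted-subnet policy.

Added example, not Dell's code and not from the vuln.today page. It assumes a
simplified export model and a constructed syslog-like mount log; neither
matches OneFS's real export schema or log format.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed trusted client subnets (constructed for this example).
TRUSTED_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]


@dataclass
class Export:
    path: str
    clients: list          # client specs: CIDR strings, or "*" for any host
    root_squash: bool      # False corresponds to no_root_squash (permissive)
    sec: list              # security flavours offered, e.g. ["sys"] or ["krb5p"]


def audit_export(exp, trusted=TRUSTED_SUBNETS):
    """Return a list of findings for one export rule (empty list means compliant)."""
    findings = []
    for spec in exp.clients:
        if spec == "*":
            findings.append(f"{exp.path}: export open to all clients ('*')")
            continue
        net = ipaddress.ip_network(spec, strict=False)
        inside = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not inside:
            findings.append(f"{exp.path}: client {spec} is outside the trusted subnets")
    if not exp.root_squash:
        # no_root_squash lets a remote root act as local root on the export.
        findings.append(f"{exp.path}: root squashing disabled (no_root_squash)")
    if "sys" in exp.sec and not any(s.startswith("krb5") for s in exp.sec):
        findings.append(f"{exp.path}: only AUTH_SYS offered, no Kerberos flavour")
    return findings


# Constructed log format: "<timestamp> nfsd: mount <ok|denied> client=<ip> export=<path>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) nfsd: mount (?P<result>ok|denied) client=(?P<ip>[\d.]+) export=(?P<path>\S+)$"
)


def flag_untrusted_mounts(lines, trusted=TRUSTED_SUBNETS):
    """Return (timestamp, client ip, export, result) for mounts from untrusted sources."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unrelated log line
        ip = ipaddress.ip_address(m["ip"])
        if not any(ip in t for t in trusted):
            alerts.append((m["ts"], m["ip"], m["path"], m["result"]))
    return alerts


# Constructed sample data.
SAMPLE_EXPORTS = [
    Export("/ifs/data", ["*"], root_squash=False, sec=["sys"]),
    Export("/ifs/home", ["10.20.0.0/16"], root_squash=True, sec=["krb5p"]),
]
SAMPLE_LOG = [
    "2024-12-02T10:01:05Z nfsd: mount ok client=10.20.4.7 export=/ifs/data",
    "2024-12-02T10:02:11Z nfsd: mount ok client=203.0.113.9 export=/ifs/data",
    "2024-12-02T10:03:40Z nfsd: mount denied client=198.51.100.3 export=/ifs/home",
    "2024-12-02T10:04:02Z sshd: accepted publickey for admin from 10.20.4.7",
]

if __name__ == "__main__":
    for exp in SAMPLE_EXPORTS:
        for finding in audit_export(exp):
            print("EXPORT", finding)
    for ts, ip, path, result in flag_untrusted_mounts(SAMPLE_LOG):
        print("MOUNT", ts, ip, path, result)
```

A successful ("ok") mount from an untrusted address is the signal that matters for this CVE, since the missing authorization check means the server itself would not have refused it; denied attempts from untrusted sources are still worth alerting on as reconnaissance against the export.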
More in PowerScale OneFS
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critic
Powerscale Onefs versions up to 9.13.0.0 are affected by improper restriction of excessive authentication attempts (CVSS
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. Rated high
Powerscale Onefs versions up to 9.10.1.6 are affected by execution with unnecessary privileges (CVSS 6.7).
Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 contain an uncontrolled search path vulnera
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. Rated medium
Incorrect default file permissions in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 allow
Privilege escalation in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 stems from incorrec
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. Rate
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. Rated medium se
Same weakness: CWE-862 – Missing Authorization
Same technique: Authentication Bypass
EUVD ID: EUVD-2024-54692