Detections
Analytics

Dell PowerScale OneFS Multiple Vulnerabilities (DSA-2025-208)

high Nessus Plugin ID 296597

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by multiple vulnerabilities, as follows:

- Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. (CVE-2024-53298)

- Dell PowerScale OneFS, versions 9.5.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. (CVE-2025-32753)

- An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. (CVE-2024-39689)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply the security patch in accordance with the vendor advisory.

See Also

http://www.nessus.org/u?83eb63bc

Plugin Details

Severity: High

ID: 296597

File Name: dell_powerscale_DSA-2025-208.nasl

Version: 1.2

Type: combined

Family: Misc.

Published: 1/26/2026

Updated: 2/3/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2024-39689

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-32753

Vulnerability Information

CPE: cpe:/a:dell:powerscale_onefs

Required KB Items: installed_sw/Dell PowerScale OneFS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/20/2025

Vulnerability Publication Date: 6/20/2025

Reference Information

CVE: CVE-2022-40899, CVE-2023-7104, CVE-2024-2511, CVE-2024-39689, CVE-2024-53298, CVE-2024-53580, CVE-2024-6923, CVE-2025-32753