Detections
Analytics

Dell PowerScale OneFS Unauthorised File Access Vulnerability (DSA-2025-208)

critical Nessus Plugin ID 296598

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by a Unauthorised File Access Vulnerability:

- Dell PowerScale OneFS, versions 9.5.0.0 <= 9.5.1.2 / 9.7.0.0 <= 9.7.1.7 / 9.8.0.0 <= 9.10.0.1, contain a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. (CVE-2024-53298)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the security patch in accordance with the vendor advisory.

See Also

http://www.nessus.org/u?83eb63bc

Plugin Details

Severity: Critical

ID: 296598

File Name: dell_powerscale_DSA-2025-208_CVE-2024-53298.nasl

Version: 1.1

Type: combined

Family: Misc.

Published: 1/26/2026

Updated: 1/26/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-53298

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:dell:powerscale_onefs

Required KB Items: installed_sw/Dell PowerScale OneFS, Settings/ParanoidReport

Patch Publication Date: 6/20/2025

Vulnerability Publication Date: 6/20/2025

Reference Information

CVE: CVE-2024-53298