CVE-2024-24901

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-24901
Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.

3.0 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.6.1:*:*:*:*:*:*:*
History

08 Jan 2025, 15:38

Type Values Removed Values Added
CWE NVD-CWE-Other
CPE cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.6.1:*:*:*:*:*:*:*
First Time Dell
Dell powerscale Onefs
References () https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities - Vendor Advisory

21 Nov 2024, 08:59

Type Values Removed Values Added
Summary
  • (es) Dell PowerScale OneFS 8.2.x a 9.6.0.x contiene una vulnerabilidad de registro insuficiente. Un usuario malintencionado local con altos privilegios podría explotar esta vulnerabilidad, provocando que los mensajes de auditoría se pierdan y no se registren durante un período de tiempo específico.
References () https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities -

04 Mar 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-04 14:15

Updated : 2025-01-08 15:38

NVD link : CVE-2024-24901

Mitre link : CVE-2024-24901

CVE.ORG link : CVE-2024-24901

JSON object : View

Products Affected

dell

  • powerscale_onefs
CWE
CWE-778

Insufficient Logging

NVD-CWE-Other