CVE-2024-25959

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25959
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.

7.9 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
History

09 Jan 2025, 16:45

Type Values Removed Values Added
CPE cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
First Time Dell
Dell powerscale Onefs
References () https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities - Vendor Advisory

21 Nov 2024, 09:01

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities -
Summary
  • (es) Dell PowerScale OneFS versiones 9.4.0.x a 9.7.0.x contiene una inserción de información confidencial en la vulnerabilidad del archivo de registro. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría la divulgación de información confidencial y una escalada de privilegios.

28 Mar 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-28 18:15

Updated : 2025-01-09 16:45

NVD link : CVE-2024-25959

Mitre link : CVE-2024-25959

CVE.ORG link : CVE-2024-25959

JSON object : View

Products Affected

dell

  • powerscale_onefs
CWE
CWE-532

Insertion of Sensitive Information into Log File