CVE-2024-39578

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.8.0.0:*:*:*:*:*:*:*

History

03 Sep 2024, 20:56

Type Values Removed Values Added
First Time Dell powerscale Onefs
Dell
CPE cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.8.0.0:*:*:*:*:*:*:*
CWE CWE-59
References () https://www.dell.com/support/kbdoc/en-us/000228207/dsa-2024-346-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000228207/dsa-2024-346-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities - Vendor Advisory

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Las versiones 8.2.2.x a 9.8.0.1 de Dell PowerScale OneFS contienen una vulnerabilidad de enlace simbólico (symlink) de UNIX. Un atacante local con privilegios elevados podría aprovechar esta vulnerabilidad, lo que provocaría una denegación de servicio y la manipulación de la información.

31 Aug 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-31 08:15

Updated : 2024-09-03 20:56


NVD link : CVE-2024-39578

Mitre link : CVE-2024-39578

CVE.ORG link : CVE-2024-39578


JSON object : View

Products Affected

dell

  • powerscale_onefs
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-61

UNIX Symbolic Link (Symlink) Following