Dell PowerScale OneFS Security Advisory DSA-2025-272: Multiple CVEs in BaseOS, OneFS, OpenSSH, OpenSSL, Python, Samba

Critical Vulnerability Information Vulnerability Overview Advisory ID: DSA-2025-272 Product: Dell PowerScale OneFS Description: Multiple security vulnerabilities could be exploited by malicious users. Affected Components and CVEs BaseOS: - CVE-2024-56071 (CVSS: 7.1) - CVE-2024-2428 (CVSS: 7.1) - CVE-2023-7713 (CVSS: 7.1) OneFS: - CVE-2023-49933 (CVSS: 7.5) - CVE-2023-49934 (CVSS: 7.5) OpenSSH: - CVE-2023-26455 (CVSS: 7.5) OpenSSL: - CVE-2023-27274 (CVSS: 7.5) Python: - CVE-2023-40003 (CVSS: 7.5) - CVE-2024-24456 (CVSS: 7.5) Samba: - CVE-2023-27275 (CVSS: 7.5) - CVE-2023-27277 (CVSS: 7.5) - CVE-2023-38882 (CVSS: 7.5) Vulnerability Details IDV-2025-2721: - Description: Dell PowerScale OneFS, versions 5.1.0.0 through 9.1.0.0.0, contains an increased attack surface for sensitive information disclosure due to insufficient website alias configuration, which could lead to the vulnerability. - CVSS Base Score: 4.0 - CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products and Remediation Affected Versions: - PowerScale OneFS: 5.1.0.0 to 9.1.0.0.0 Fixed Versions: - PowerScale OneFS: 6.0.13.0 or later Mitigation and Recommendations DVE: - Customers are advised to upgrade to Long-Term Support (LTS) 2022 version or version 9.1.0.0.0. - Follow guidance in the Dell Technologies Security Advisory Summary and Security Advisories Release Schedule for Supported Versions of Dell PowerScale OneFS. Revision History 1.0: Initial release on 2023-08-03 2.0: Updated on 2023-09-01 to include affected versions 5.1.0.0, 5.2.0.0, and 5.3.1.0 3.0: Updated on 2023-09-24 to include CVE-2023-38882 ``` This information provides detailed details about multiple security vulnerabilities in Dell PowerScale OneFS, including affected components, CVE IDs, vulnerability descriptions, CVSS scores, and remediation recommendations.

Goal Reached Thanks to every supporter — we hit 100%!

Dell PowerScale OneFS Security Advisory DSA-2025-272: Multiple CVEs in BaseOS, OneFS, OpenSSH, OpenSSL, Python, Samba