Warning: Critical vulnerability in Dell PowerScale OneFS leads to full system compromise, Patch Immediately!

Image
Decorative image
Published : 10/06/2025
  • Last update: 06/06/2025
  • Affected software: PowerScale OneFS versions 9.5.0.0 through 9.10.0.1
  • Type:
    → Missing Authorization
  • CVE/CVSS:
    → CVE-2024-53298: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Risks

Successful exploitation of CVE-2024-53298 affecting various versions of PowerScale OneFS could allow
unauthenticated attackers to gain full access to the file system over the network.

CVE-2024-53298 has a significant impact on confidentiality, integrity, and availability.

There is no evidence that a public proof of concept exists. Currently, there is no evidence of active
exploitation.

Description

The NFS service is incorrectly configured or contains a flaw whereby authorisation checks are not
enforced when a client attempts to access NFS exports. This indicates that the system does not validate
whether a requester has permission to access the shared filesystem.
By exploiting this vulnerability, a threat actor can:

  • Remotely access the file system without authentication via NFS.
  • Read sensitive data such as configuration files, credentials, or internal documents.
  • Modify or replace critical files (e.g., scripts, binaries, or logs).
  • Delete important files, causing data loss or system instability.
  • Plant backdoors or malicious scripts to maintain long-term access.
  • Move laterally within the network, using the compromised system as a launch point.
  • Fully compromise the device, leading to loss of control and potential regulatory or business impact.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. Cisco has released software updates that address this vulnerability. There are no workarounds available.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://feedly.com/cve/CVE-2024-53298