Dell PowerScale OneFS Uncontrolled Search Path Element Vulnerability Allowing Denial-of-Service, Privilege Escalation, and Information Disclosure

Vulnerability

Dell PowerScale OneFS versions prior to 9.10.1.6, and versions in the 9.11.0.0 to 9.12.0.1 range, contain an uncontrolled search path element vulnerability. A high-privileged attacker with local access could exploit it, leading to a denial-of-service condition, unauthorized elevation of privileges, and unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in a denial-of-service condition, unauthorized elevation of privileges, and unauthorized information disclosure.

Remediation

Users can upgrade to Dell PowerScale OneFS version 9.10.1.6 or later; those currently using a version between 9.11.0.0 and 9.12.0.1 can upgrade to version 9.13.0.0 or later. For those on version 9.10.0.0 through 9.10.1.5, version 9.10.1.6 or later is recommended.

Added: Mar 4, 2026, 1:19 PM
Updated: Mar 4, 2026, 7:15 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.