CVE-2024-24901 - Vulnerability Details - OpenCVE

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Powerscale Onefs

Configuration 1 [-]

OR	cpe:2.3:a:dell:powerscale_onefs::::::::
	cpe:2.3:a:dell:powerscale_onefs::::::::
	cpe:2.3:a:dell:powerscale_onefs::::::::
	cpe:2.3:a:dell:powerscale_onefs:9.6.1:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities

History

Wed, 08 Jan 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell powerscale Onefs
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:dell:powerscale_onefs:::::::: cpe:2.3:a:dell:powerscale_onefs:9.6.1:::::::*
Vendors & Products		Dell Dell powerscale Onefs

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-03-04T13:23:28.629Z

Updated: 2024-08-12T13:57:52.556Z

Reserved: 2024-02-01T13:40:59.757Z

Link: CVE-2024-24901

Vulnrichment

Updated: 2024-08-01T23:28:12.905Z

NVD

Status : Analyzed

Published: 2024-03-04T14:15:41.390

Modified: 2025-01-08T15:38:23.727

Link: CVE-2024-24901

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24901", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-02-01T13:40:59.757Z", "datePublished": "2024-03-04T13:23:28.629Z", "dateUpdated": "2024-08-12T13:57:52.556Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThanOrEqual": "9.2.1.24", "status": "affected", "version": "8.2.0", "versionType": "semver"}, {"lessThanOrEqual": "9.4.0.16", "status": "affected", "version": " 9.3.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.5.0.6", "status": "affected", "version": "9.5.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.6.1.0"}]}], "datePublic": "2024-03-04T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period."}], "value": "Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-778", "description": "CWE-778: Insufficient Logging", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-04T13:23:28.629Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.905Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T13:57:05.112738Z", "id": "CVE-2024-24901", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T13:57:52.556Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.905Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24901", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T13:57:05.112738Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T13:57:19.219Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "8.2.0", "versionType": "semver", "lessThanOrEqual": "9.2.1.24"}, {"status": "affected", "version": " 9.3.0.0", "versionType": "semver", "lessThanOrEqual": "9.4.0.16"}, {"status": "affected", "version": "9.5.0.0", "versionType": "semver", "lessThanOrEqual": "9.5.0.6"}, {"status": "affected", "version": "9.6.1.0"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-04T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-778", "description": "CWE-778: Insufficient Logging"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-04T13:23:28.629Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24901", "state": "PUBLISHED", "dateUpdated": "2024-08-12T13:57:52.556Z", "dateReserved": "2024-02-01T13:40:59.757Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-03-04T13:23:28.629Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB637D7A-A495-4C22-9064-C09E910057C0", "versionEndExcluding": "9.2.1.25", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED2F99D-0CD5-49E6-9954-6E9C7171614C", "versionEndExcluding": "9.4.0.17", "versionStartIncluding": "9.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F071B492-8628-4AEE-8F7C-607414A47C58", "versionEndExcluding": "9.5.0.7", "versionStartIncluding": "9.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:9.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A64A1FA-6F4B-4116-BC72-5AA79D25A85A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period."}, {"lang": "es", "value": "Dell PowerScale OneFS 8.2.x a 9.6.0.x contiene una vulnerabilidad de registro insuficiente. Un usuario malintencionado local con altos privilegios podr\u00eda explotar esta vulnerabilidad, provocando que los mensajes de auditor\u00eda se pierdan y no se registren durante un per\u00edodo de tiempo espec\u00edfico."}], "id": "CVE-2024-24901", "lastModified": "2025-01-08T15:38:23.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 2.5, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-04T14:15:41.390", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-778"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}