CVE-2023-25942 - OpenCVE

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Emc Powerscale Onefs

Configuration 1 [-]

OR	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs:9.5.0.0:::::::*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2023-04-04T10:28:04.862Z

Updated: 2023-04-04T10:28:04.862Z

Reserved: 2023-02-17T06:15:08.304Z

Link: CVE-2023-25942

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-04T11:15:07.137

Modified: 2023-11-07T04:09:15.507

Link: CVE-2023-25942

JSON object: View

Redhat Information

No data.

CWE

CWE-664

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25942", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-02-17T06:15:08.304Z", "datePublished": "2023-04-04T10:28:04.862Z", "dateUpdated": "2023-04-04T10:28:04.862Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"status": "affected", "version": "9.2.1.0 through 9.2.1.21 9.4.0.0 through 9.4.0.12 9.5.0.0"}, {"status": "affected", "version": "9.1.0.0 through 9.1.0.28"}, {"status": "affected", "version": "Any other version"}]}], "datePublic": "2023-03-23T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.</span>\n\n"}], "value": "\nDell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-664", "description": "CWE-664: Improper Control of a Resource Through its Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-04-04T10:28:04.862Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CEB3F0B-81C0-4C19-BA99-FAFE92E8AD7F", "versionEndIncluding": "9.1.0.28", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F74C69F0-4D52-40B1-BE85-13F93B7A8805", "versionEndExcluding": "9.2.1.22", "versionStartIncluding": "9.2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "755F9436-7563-4365-B230-7F552F404FBE", "versionEndExcluding": "9.4.0.13", "versionStartIncluding": "9.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:9.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4277818-0438-42C0-AA90-FFDA2F57AD92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.\n\n"}], "id": "CVE-2023-25942", "lastModified": "2023-11-07T04:09:15.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-04-04T11:15:07.137", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-664"}], "source": "security_alert@emc.com", "type": "Primary"}]}