CVE-2024-37132 - OpenCVE

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Powerscale Onefs

Configuration 1 [-]

OR	cpe:2.3:a:dell:powerscale_onefs::::::::
	cpe:2.3:a:dell:powerscale_onefs::::::::
	cpe:2.3:a:dell:powerscale_onefs:9.8.0.0:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-07-02T07:14:09.624Z

Updated: 2024-08-02T03:50:54.720Z

Reserved: 2024-06-03T12:08:48.717Z

Link: CVE-2024-37132

Vulnrichment

Updated: 2024-08-02T03:50:54.720Z

NVD

Status : Analyzed

Published: 2024-07-02T08:15:05.553

Modified: 2024-07-03T18:01:07.500

Link: CVE-2024-37132

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37132", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-06-03T12:08:48.717Z", "datePublished": "2024-07-02T07:14:09.624Z", "dateUpdated": "2024-08-02T03:50:54.720Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThanOrEqual": "9.5.0.8", "status": "affected", "version": "8.2.2.x", "versionType": "semver"}, {"lessThanOrEqual": "9.7.0.0", "status": "affected", "version": "8.2.2.x", "versionType": "semver"}, {"lessThanOrEqual": "9.7.0.2", "status": "affected", "version": "9.7.0.1", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.3", "versionType": "semver"}, {"status": "affected", "version": "9.8.0.0"}]}], "datePublic": "2024-07-01T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges."}], "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-07-02T07:14:09.624Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dell", "product": "powerscale_onefs", "cpes": ["cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "8.2.2", "status": "affected", "lessThanOrEqual": "9.8.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T14:03:13.590133Z", "id": "CVE-2024-37132", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T14:04:16.768Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:54.720Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:54.720Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37132", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-02T14:03:13.590133Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*"], "vendor": "dell", "product": "powerscale_onefs", "versions": [{"status": "affected", "version": "8.2.2", "versionType": "custom", "lessThanOrEqual": "9.8.0.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T14:04:11.913Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "8.2.2.x", "versionType": "semver", "lessThanOrEqual": "9.5.0.8"}, {"status": "affected", "version": "8.2.2.x", "versionType": "semver", "lessThanOrEqual": "9.7.0.0"}, {"status": "affected", "version": "9.7.0.1", "versionType": "semver", "lessThanOrEqual": "9.7.0.2"}, {"status": "affected", "version": "9.7.0.3", "versionType": "semver"}, {"status": "affected", "version": "9.8.0.0"}], "defaultStatus": "unaffected"}], "datePublic": "2024-07-01T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-07-02T07:14:09.624Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37132", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:50:54.720Z", "dateReserved": "2024-06-03T12:08:48.717Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-07-02T07:14:09.624Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF69B0BB-66AD-42D9-87B6-008157A41DC6", "versionEndExcluding": "9.5.1.0", "versionStartIncluding": "8.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "17C84C8F-3718-43C6-B48E-61F13F8766E1", "versionEndExcluding": "9.7.1.0", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:9.8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B26C94F-8198-4439-BE83-F01232D2B1B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges."}, {"lang": "es", "value": "Dell PowerScale OneFS versiones 8.2.2.x a 9.8.0.0 contienen una vulnerabilidad de asignaci\u00f3n de privilegios incorrecta. Un atacante con privilegios elevados y acceso local podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una denegaci\u00f3n de servicio y una elevaci\u00f3n de privilegios."}], "id": "CVE-2024-37132", "lastModified": "2024-07-03T18:01:07.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2024-07-02T08:15:05.553", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "security_alert@emc.com", "type": "Secondary"}]}