Description
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure.
Published: 2026-03-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation enabling code execution, denial of service, and information disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability is caused by incorrect default permissions that allow a local user with high privileges to obtain further elevated rights. This can lead to arbitrary code execution, cause denial of service, and expose sensitive information. The weakness is identified as a privilege management flaw.

Affected Systems

Dell PowerScale OneFS, versions prior to 9.10.1.6 and 9.11.0.0 through 9.12.0.1 are affected. These versions contain improper default permission settings that can be exploited by local attackers to gain elevated privileges.

Risk and Exploitability

The CVSS score of 6.7 indicates a moderate severity. The EPSS score is below 1% and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting low current exploitation likelihood. The attack vector is local; an attacker must have local high‑privilege access to the OneFS system. By changing or abusing the default permissions, the attacker can run arbitrary code, cause service disruption, and potentially read or modify protected data.

Generated by OpenCVE AI on April 16, 2026 at 13:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the Dell PowerScale OneFS security update that patches incorrect default permissions for affected releases.
  • Restrict local access to the OneFS management interfaces, ensuring only trusted administrators have console or shell access and enforce strong authentication.
  • Review ACL configurations to confirm that non‑privileged accounts do not have elevated rights, and manually correct any deviations if a patch cannot be applied immediately.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 21:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Dell
                                      Dell powerscale Onefs
CPEs                                  cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products                    Dell
                                      Dell powerscale Onefs

Wed, 04 Mar 2026 15:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 12:45:00 +0000

Type                 Values Removed   Values Added
Description                           Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure.
Weaknesses                            CWE-276
References
Metrics                               cvssV3_1
                                      {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerscale Onefs
MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-05T04:55:35.184Z

Reserved: 2025-12-24T16:33:47.095Z

Link: CVE-2026-21423

Vulnrichment

Updated: 2026-03-04T14:46:59.469Z

NVD

Status: Analyzed

Published: 2026-03-04T13:15:57.310

Modified: 2026-03-04T20:49:00.013

Link: CVE-2026-21423

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses