Description
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-03-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an execution with unnecessary privileges flaw (CWE‑250). It allows a local attacker who already holds high privileged access to elevate their rights further, gaining unauthorized administrative capabilities that can compromise system integrity or enable the execution of arbitrary commands on Dell PowerScale OneFS devices.

Affected Systems

The affected product is Dell PowerScale OneFS. Versions lacking the fix include all releases prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1. These installations remain susceptible until updated to the patched firmware.

Risk and Exploitability

The CVSS score of 6.7 denotes medium severity, while an EPSS score under 1% suggests exploitation is unlikely but not impossible. The vulnerability is not listed as a known exploited vulnerability by CISA, and the attack requires local high privileged access, meaning it is not remotely exploitable. Nevertheless, the patch should be applied promptly to prevent privilege escalation by local users with high privileges.

Generated by OpenCVE AI on April 16, 2026 at 13:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerScale OneFS firmware update that addresses the unnecessary privilege execution issue, as detailed in Dell’s security advisory (000432452).
  • Reboot the OneFS node after the update to ensure the firmware changes take effect.
  • Review local account permissions and remove or reduce any unnecessary high privileged accounts, following Dell's least‑privilege guidance.

Generated by OpenCVE AI on April 16, 2026 at 13:35 UTC.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:00:00 +0000

Type | Values Removed | Values Added
Title | | Unnecessary Privilege Execution Elevates Local User Access in Dell PowerScale OneFS

Wed, 04 Mar 2026 21:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell; Dell powerscale Onefs
CPEs | | cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products | | Dell; Dell powerscale Onefs

Wed, 04 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Weaknesses | | CWE-250
References | |
Metrics | | cvssV3_1: {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-05T04:55:30.657Z

Reserved: 2025-12-24T16:33:47.095Z

Link: CVE-2026-21424

Vulnrichment

Updated: 2026-03-04T14:11:12.844Z

NVD

Status: Analyzed

Published: 2026-03-04T13:15:57.470

Modified: 2026-03-04T20:48:30.273

Link: CVE-2026-21424

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses