Description
Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Published: 2026-03-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

Dell PowerScale OneFS version 9.13.0.0 includes an overly restrictive account lockout mechanism. An attacker who can connect remotely without valid credentials may trigger the lockout, preventing legitimate users from accessing the system. This results in a denial of service by rendering the storage array unusable for authenticated operations. The flaw is classified as CWE-645 (Overly Restrictive Account Lockout Mechanism), an authentication configuration weakness.

Affected Systems

The vulnerability affects Dell PowerScale OneFS releases beginning with version 9.13.0.0, as identified in the Dell support advisory.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% indicates a very low exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog, so there is no confirmed evidence of exploitation in the wild. The attack vector is remote and unauthenticated: an attacker who can reach the affected system over the network can trigger the lockout policy without valid credentials.

Generated by OpenCVE AI on April 16, 2026 at 13:35 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Download and install the official Dell PowerScale OneFS 9.13.0.0 security update, ensuring the account lockout policy is correctly configured.
  • After applying the update, confirm that legitimate user accounts can log in and that the lockout mechanism no longer blocks authorized access for a short burst of failed attempts.
  • Continuously monitor authentication logs for unexpected lockout events and adjust account lockout thresholds to prevent accidental denial of legitimate users.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:00:00 +0000

Title (added): Overly Restrictive Account Lockout Mechanism Causing Denial of Service in Dell PowerScale OneFS

Wed, 04 Mar 2026 21:00:00 +0000

First Time appeared (added): Dell; Dell powerscale Onefs
CPEs (added): cpe:2.3:o:dell:powerscale_onefs:9.13.0.0:*:*:*:*:*:*:*
Vendors & Products (added): Dell; Dell powerscale Onefs

Wed, 04 Mar 2026 15:15:00 +0000

Metrics (added): ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 13:15:00 +0000

Description (added): Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Weaknesses (added): CWE-645
References: (none listed)
Metrics (added): cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Subscriptions

Dell Powerscale Onefs
MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-04T14:08:41.408Z

Reserved: 2026-02-08T18:05:27.450Z

Link: CVE-2026-25907

Vulnrichment

Updated: 2026-03-04T14:08:33.641Z

NVD

Status : Analyzed

Published: 2026-03-04T13:15:58.470

Modified: 2026-03-04T20:45:09.673

Link: CVE-2026-25907

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses