CVE-2024-53298 in PowerScale OneFS
Summary
by MITRE • 06/20/2025
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/26/2026
The vulnerability identified as CVE-2024-53298 affects Dell PowerScale OneFS storage systems running versions between 9.5.0.0 and 9.10.0.1, representing a critical authorization flaw within the Network File System (NFS) export functionality. This weakness stems from inadequate access controls that fail to properly authenticate remote users attempting to access filesystem resources through NFS protocols. The vulnerability exists in the authorization layer of the storage system's network services, where proper validation of client credentials and access permissions is insufficiently enforced.
The technical nature of this flaw allows an unauthenticated attacker to exploit the missing authorization checks during NFS export operations, bypassing normal authentication mechanisms that should validate user identities and their respective access rights. This represents a direct violation of the principle of least privilege and fails to implement proper access control measures as mandated by security frameworks. The vulnerability specifically impacts the NFS service implementation within the OneFS operating system, where the authorization logic does not adequately verify client requests before granting filesystem access permissions.
Operationally, this vulnerability presents a severe risk to organizations utilizing Dell PowerScale systems, as it enables complete unauthorized access to stored data without requiring valid credentials or authentication. Attackers can leverage this weakness to perform read, write, and delete operations on arbitrary files within the affected filesystems, potentially leading to data exfiltration, data corruption, or complete system compromise. The impact extends beyond simple unauthorized access, as the vulnerability can be exploited remotely, eliminating the need for physical presence or network insider access. This characteristic significantly increases the attack surface and potential damage scope, particularly in environments where storage systems contain sensitive or critical data assets.
Organizations affected by this vulnerability should immediately implement the recommended remediation measures provided by Dell, which primarily involve upgrading to a patched version of the OneFS operating system. The mitigation strategy should include comprehensive network segmentation to limit access to NFS services, implementation of additional monitoring controls to detect unauthorized access attempts, and thorough assessment of all NFS export configurations. Security teams should also consider implementing network-based intrusion detection systems to monitor for exploitation attempts and establish incident response procedures specifically addressing unauthorized filesystem access scenarios. This vulnerability aligns with CWE-285, which addresses improper authorization issues in software systems, and represents a significant concern under the ATT&CK framework's privilege escalation and credential access categories, particularly in the context of file and directory permissions.