Dell PowerScale OneFS NFS Export Auth Bypass (9.5.0.0-9.10.0.1)
CVE-2024-53298 Published on June 20, 2025
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.
Vulnerability Analysis
CVE-2024-53298 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-53298 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-53298
Want to know whenever a new CVE is published for Dell Powerscale Onefs? stack.watch will email you.
Affected Versions
Dell PowerScale OneFS:- Version 9.5.0.0, <= 9.10.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.