The software vulnerabilities pertain to international technology corporation Dell’s PowerScale OneFS, which according to an online ‘Technical White Paper’ on Dell’s portal is “used to power all Dell EMC PowerScale scale-out NAS storage solutions.” One of the vulnerabilities in particular presents a potential cybersecurity risk: due to a flaw in certain versions of Dell EMC PowerScale OneFS, a malicious remote attacker could potentially take over the filesystem. Dell’s EMC IT infrastructure division has seen similar issues before: in September this year, Dell experienced software vulnerabilities relating to a virtualization product known as VxRail, as well as multiple other third-party components. Dell is the world leader in Distributed File Systems and Object storage.
About Dell EMC PowerScale OneFS
Dell’s PowerScale OneFS is a file system product designed to power next-gen data centers. A Dell Technical White Paper reveals that the PowerScale OneFS system replaces traditional storage models such as “file system, volume manager, and data protection”, in addition to “providing a unifying clustered file system with integrated scalable data protection, and obviating the need for volume management.” The innovative software “directly enables enterprises to successfully utilize the scale-out NAS in their environments today”, thereby reducing the need for personnel as well as complexity, with the added benefits of “self-healing and self-managing functionality” that vastly improve storage management efficiency in an enterprise environment. The product is designed for file-based as well as unstructured Big Data applications in enterprise environments, including “large-scale home directories, file shares, archives, virtualization, and business analytics.”
The Dell PowerScale OneFS Vulnerabilities
A total of two software vulnerabilities (CVE-2021-21528 and CVE-2021-36315) have been reported by Dell.
CVE-2021-21528 Analysis
This high-risk software vulnerability is of the information exposure type. Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, and 9.2.1.x contain an ‘Exposure of Information’ through a ‘Directory Listing’ vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized access to the filesystem.
Vulnerable Software Versions And Products
The following versions of Dell EMC PowerScale OneFS are vulnerable to the high-risk issue:
Dell EMC PowerScale OneFS versions: 9.1.0, 9.2.0.x, and 9.2.1.x
Affected products: Isilon A100, Isilon A200, Isilon A2000, Isilon F800, Isilon F810, Isilon H400, Isilon H500, Isilon H600, Isilon NL410, Isilon S210, Isilon X210, Isilon X410, PowerScale Archive A300, PowerScale Archive A3000, PowerScale F200, PowerScale F600, PowerScale Hybrid H700, PowerScale Hybrid H7000
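To triage an inventory against the version list above, the following added example (not Dell's code and not part of the original article) compares versions component by component, so that a release such as 9.2.10.0 is not mistaken for 9.2.1.x by a plain string-prefix test. The host names and version strings are constructed, and treating extra trailing components as builds of a listed release is an assumption.

```python
# Added example: flag OneFS versions listed as affected by CVE-2021-21528.
# Patterns are the version strings from the list above; "x" matches any value.
AFFECTED_PATTERNS = ["9.1.0", "9.2.0.x", "9.2.1.x"]

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = [
    ("nas-a", "9.1.0.4"),
    ("nas-b", "v9.2.1.3"),
    ("nas-c", "9.2.10.0"),
    ("nas-d", "9.0.0.2"),
    ("nas-e", "9.2"),
]


def parse_version(text):
    """Split a version such as 'v9.2.1.3' into integer components."""
    return [int(part) for part in text.strip().lstrip("vV").split(".")]


def matches(have, pattern):
    """Component-wise match; assumes extra trailing components are builds
    of the listed release (9.1.0.4 is treated as matching 9.1.0)."""
    for got, expected in zip(have, pattern.split(".")):
        if expected != "x" and got != int(expected):
            return False
    return True


def classify(version):
    """Return 'affected', 'not listed', or 'review' for a version string."""
    try:
        have = parse_version(version)
    except ValueError:
        return "review"  # unparseable: needs a manual check
    if len(have) < 3:
        return "review"  # too coarse to compare with the listed releases
    hit = any(matches(have, p) for p in AFFECTED_PATTERNS)
    return "affected" if hit else "not listed"


def triage(inventory):
    """Group host names by classification."""
    result = {"affected": [], "not listed": [], "review": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

"Not listed" only means the version does not appear in the list above; the article does not state which releases contain the fix.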
Important User Information
A fix has been released that resolves any potential security risks. PowerScale OneFS administrators should immediately update the software to the latest version found here.