CVE-2026-22278
Dell · Dell Multiple Products
Executive summary
A high-severity vulnerability has been identified in Dell PowerScale OneFS, a widely used scale-out network-attached storage platform. An unauthenticated remote attacker could exploit this flaw to execute arbitrary commands, potentially leading to a full system compromise. Successful exploitation could result in a significant data breach, loss of data integrity, and disruption of critical business operations.
Vulnerability
This vulnerability is a remote command injection flaw in the web-based management interface of Dell PowerScale OneFS. An unauthenticated attacker with network access to the management interface can send a specially crafted HTTP request containing malicious commands. The system fails to properly sanitize this input, allowing the commands to be executed on the underlying operating system with elevated privileges, leading to a complete compromise of the storage node.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit could have severe consequences for the organization, as PowerScale systems often store critical and sensitive business data. The primary risks include unauthorized access to, modification of, or exfiltration of all data residing on the storage system. Furthermore, an attacker could leverage the compromised system to pivot and launch further attacks against the internal network, disrupt storage availability, or deploy ransomware, leading to significant financial loss, reputational damage, and potential regulatory penalties.
Remediation
Immediate Action: Apply the security updates provided by Dell to all affected PowerScale OneFS systems immediately. Prioritize patching for systems with management interfaces exposed to less trusted networks. After patching, review access and system logs for any indicators of compromise that may have occurred prior to the update.
Proactive Monitoring: System administrators should actively monitor web server logs for the OneFS management interface, looking for unusual or malformed HTTP requests, especially those containing shell commands or special characters in URL parameters or form fields. Monitor for unexpected outbound network connections from PowerScale nodes and review system logs for any anomalous process executions.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
- Restrict network access to the PowerScale management interface using strict firewall rules. Access should only be permitted from a dedicated, secure management network or specific, trusted IP addresses.
- Place a Web Application Firewall (WAF) in front of the management interface with rules designed to detect and block command injection attempts.
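The monitoring guidance above asks administrators to watch the management-interface web logs for shell commands or special characters in URL parameters and form fields. The following is an added example, not code from this advisory or from Dell: it parses constructed combined-format access-log lines, decodes query and form values (including double-encoded ones) and flags requests carrying shell constructs. The log format, the request path and the parameter name are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Shell constructs the advisory tells administrators to look for in URL
# parameters and form fields. Deliberately small; extend for your environment.
SHELL_RE = re.compile(r"[;|&`]|\$\(|\$\{")

# Combined log format (assumed for the OneFS management interface):
# ip - user [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_values(target, body=""):
    """Return (field, decoded_value) pairs whose value contains shell constructs."""
    hits = []
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)   # form fields, if captured
    for field, value in pairs:
        # parse_qsl removed one layer of percent-encoding; a second decode
        # catches double-encoded values such as %2524%2528...%2529 -> $(...)
        decoded = unquote_plus(value)
        if SHELL_RE.search(decoded):
            hits.append((field, decoded))
    return hits

def scan_log(lines):
    """Parse access-log lines; return one alert per request with suspicious parameters."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:            # skip lines that are not in the expected format
            continue
        hits = suspicious_values(m.group("target"))
        if hits:
            alerts.append({"ip": m.group("ip"), "time": m.group("time"),
                           "status": m.group("status"), "fields": hits})
    return alerts

# Constructed sample lines; the path and parameter name are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2026:09:12:01 +0000] "GET /mgmt/placeholder?name=cluster1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2026:09:12:09 +0000] "GET /mgmt/placeholder?name=cluster1%3Bid HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/Jan/2026:09:12:15 +0000] "GET /mgmt/placeholder?name=%2524%2528whoami%2529 HTTP/1.1" 500 0',
    "this line is not in combined log format",
]
```

Feed the output to your SIEM or correlate by source address; a burst of flagged requests followed by 5xx responses, as in the sample, is worth an immediate look at process execution on the node.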
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability presents a critical risk to the confidentiality, integrity, and availability of data stored on affected Dell systems. Given the high CVSS score of 8.1, immediate patching is the most effective mitigation and should be treated as a top priority. While this vulnerability is not currently on the CISA KEV list, its severity makes it a strong candidate for future inclusion. If patching cannot be performed immediately, organizations must implement the recommended compensating controls to reduce the attack surface and limit exposure.