PT-2023-20373 · Dell · Dell Powerscale Onefs

Published 2023-04-04 · Updated 2023-06-22 · CVE-2023-25940

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell PowerScale OneFS version 9.5.0.0

Description

The issue is an improper link resolution before file access in the isi_gather_info function. A local attacker, potentially with low privileges, could exploit this vulnerability, leading to system takeover and breaking compliance mode guarantees.

Recommendations

For Dell PowerScale OneFS version 9.5.0.0, consider restricting access to the isi_gather_info function until a patch is available. Additionally, review system configurations to minimize the risk of exploitation by low-privileged users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Link Following

Related Identifiers

CVE-2023-25940

Affected Products

Dell Powerscale Onefs