CVE-2023-28373

Published: Oct 3, 2023Modified: Nov 21, 2024

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

Affected (4)

Products: Purestorage: Purity//fa

Purestorage

1 product

Purity//fa

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Purestorage Purity//fa	From 6.1.0 to 6.1.22
Purestorage Purity//fa	From 6.2.0 to 6.2.15
Purestorage Purity//fa	From 6.3.0 to 6.3.6
Purestorage Purity//fa	Version 6.4.0

References (2)

https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373

Source: psirt@purestorage.com

Vendor Advisory

https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.