← Back

CVE-2024-0001

nvd nist
Published: Sep 23, 2024Modified: Sep 27, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.

Affected (2)

Purestorage
1 product
Purity//fa
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Purestorage
Purity//fa
From 6.3.0 to 6.3.14
Purity//fa
From 6.4.0 to 6.4.10

Related CWEs

CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (1)

Source: psirt@purestorage.com
Vendor Advisory

Timeline (8)

9/27/2024
4 changes
Initial Analysis - CPE Configuration
02:08 PM
- -
+ OR *cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* versions from (including) 6.3.0 up to (including) 6.3.14 *cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (including) 6.4.10
Initial Analysis - CWE
02:08 PM
- -
+ NIST CWE-1188
Initial Analysis - Reference Type
02:08 PM
- https://purestorage.com/security No Types Assigned
+ https://purestorage.com/security Vendor Advisory
Initial Analysis - CVSS V3.1
02:08 PM
- -
+ NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9/23/2024
4 changes
New CVE Received - CVSS V3.1
06:15 PM
- -
+ Pure Storage, Inc. AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
New CVE Received - CWE
06:15 PM
- -
+ Pure Storage, Inc. CWE-1188
New CVE Received - Reference
06:15 PM
- -
+ Pure Storage, Inc. https://purestorage.com/security [No types assigned]
New CVE Received - Description
06:15 PM
- -
+ A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.