CVE-2024-0002

Published: Sep 23, 2024Modified: Sep 27, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

Affected (7)

Products: Purestorage: Purity//fa

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Purestorage Purity//fa	From 5.3.17 to 5.3.21
Purestorage Purity//fa	From 6.0.7 to 6.0.9
Purestorage Purity//fa	From 6.1.8 to 6.1.25
Purestorage Purity//fa	From 6.2.0 to 6.2.17
Purestorage Purity//fa	From 6.3.0 to 6.3.14
Purestorage Purity//fa	From 6.4.0 to 6.4.10
Purestorage Purity//fa	Version 6.5.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://purestorage.com/security

Source: psirt@purestorage.com

Vendor Advisory

Timeline

No history available yet.