CVE-2024-0003

Published: Sep 23, 2024Modified: Sep 27, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

Affected (7)

Products: Purestorage: Purity//fa

Purestorage

1 product

Purity//fa

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Purestorage Purity//fa	From 5.3.17 to 5.3.21
Purestorage Purity//fa	From 6.0.7 to 6.0.9
Purestorage Purity//fa	From 6.1.8 to 6.1.25
Purestorage Purity//fa	From 6.2.0 to 6.2.17
Purestorage Purity//fa	From 6.3.0 to 6.3.14
Purestorage Purity//fa	From 6.4.0 to 6.4.10
Purestorage Purity//fa	Version 6.5.0

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://purestorage.com/security

Source: psirt@purestorage.com

Vendor Advisory

Timeline

No history available yet.