CRITICAL🇵🇱 Wersja polska

CVE-2024-0004

CVSS 9.1v3.1pub. 2024-09-23upd. 2024-09-27

A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Purestorage Purity\/\/fa

    APP
    Purestorage
    6.5.05.1.0 – 5.1.175.2.0 – 5.2.75.3.0 – 5.3.216.0.0 – 6.0.95.0.0 – 5.0.116.2.0 – 6.2.176.3.0 – 6.3.146.4.0 – 6.4.106.1.0 – 6.1.25
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-0001CRITICAL10.0PL ✓ten sam produkt

FlashArray Purity — aktywne konto lokalne umożliwia privilege escalation

CVE-2024-0005CRITICAL9.1PL ✓ten sam produkt

Command injection w Pure Storage Purity poprzez konfigurację SNMP

CVE-2024-0003CRITICAL9.1PL ✓ten sam produkt

Pure Storage FlashArray Purity — nieautoryzowane tworzenie konta z uprawnieniami

CVE-2024-0002CRITICAL10.0PL ✓ten sam produkt

Obejście uwierzytelnienia w Pure Storage FlashArray Purity (CVSS 10.0)

CVE-2022-32554CRITICAL9.8ten sam produkt

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3....