CVE-2024-0002

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
References
Link Resource
https://purestorage.com/security Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:*

History

27 Sep 2024, 14:13

Type Values Removed Values Added
References () https://purestorage.com/security - () https://purestorage.com/security - Vendor Advisory
CVSS v2 : unknown
v3 : 10.0
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Purestorage purity\/\/fa
Purestorage

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe una condición en FlashArray Purity mediante la cual un atacante puede emplear una cuenta privilegiada que permita el acceso remoto a la matriz.

23 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-23 18:15

Updated : 2024-09-27 14:13


NVD link : CVE-2024-0002

Mitre link : CVE-2024-0002

CVE.ORG link : CVE-2024-0002


JSON object : View

Products Affected

purestorage

  • purity\/\/fa
CWE
NVD-CWE-noinfo CWE-287

Improper Authentication