CVE-2024-0003

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
References
Link Resource
https://purestorage.com/security Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:*

History

27 Sep 2024, 14:23

Type Values Removed Values Added
CPE cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Purestorage purity\/\/fa
Purestorage
References () https://purestorage.com/security - () https://purestorage.com/security - Vendor Advisory
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 7.2

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe una condición en FlashArray Purity por la cual un usuario malintencionado podría usar un servicio administrativo remoto para crear una cuenta en la matriz que permita acceso privilegiado.

23 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-23 18:15

Updated : 2024-09-27 14:23


NVD link : CVE-2024-0003

Mitre link : CVE-2024-0003

CVE.ORG link : CVE-2024-0003


JSON object : View

Products Affected

purestorage

  • purity\/\/fa
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management