CVE-2022-32554

{"id": "CVE-2022-32554", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-23T17:15:13.953", "references": [{"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."}, {"lang": "es", "value": "Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x y versiones anteriores de Purity//FB son vulnerables a las credenciales posiblemente expuestas para acceder a la interfaz de gesti\u00f3n del producto. La contrase\u00f1a puede ser conocida fuera de Pure Storage y podr\u00eda ser usada en un sistema afectado, si es accesible, para ejecutar instrucciones arbitrarias con privilegios de root. Ning\u00fan otro producto o servicio de Pure Storage est\u00e1 afectado. La soluci\u00f3n est\u00e1 disponible en Pure Storage por medio de un parche de autoservicio \"opt-in\", la aplicaci\u00f3n manual del parche o una actualizaci\u00f3n del software a una versi\u00f3n no afectada del software Purity"}], "lastModified": "2022-07-05T13:16:31.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F0D5971-5894-4F3F-B0AD-A13BD0EA4AC2", "versionEndExcluding": "5.3.18"}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D216A489-89FB-4799-9992-F5448C236678", "versionEndExcluding": "6.0.9", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E69D4672-2465-432F-9819-F7226BD7FD56", "versionEndExcluding": "6.1.13", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84BEE75-E026-4FE0-BA6E-5807A5826053", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B71C29-4BF3-4AA7-A2CE-551B767031C8", "versionEndExcluding": "3.1.13"}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCBE46B1-B936-4CF8-9C5D-AD663362C426", "versionEndExcluding": "3.2.5", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80890A7B-9D37-43B7-B5DF-AECAF3206635", "versionEndExcluding": "3.3.1", "versionStartIncluding": "3.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}