CVE-2023-4976

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

CVSS

No CVSS.

References

Link	Resource
https://www.purestorage.com/security
https://purestorage.com/security

Configurations

No configuration.

History

10 Apr 2025, 15:16

Type	Values Removed	Values Added
References		() https://www.purestorage.com/security -
Summary	(en) A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.	(en) A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

21 Nov 2024, 08:36

Type	Values Removed	Values Added
References	~~() https://purestorage.com/security -~~	() https://purestorage.com/security -

18 Jul 2024, 12:28

Type	Values Removed	Values Added
Summary		(es) Existe una falla en Purity//FB por la cual se permite que una cuenta local se autentique en la interfaz de administración utilizando un método no deseado que permite a un atacante obtener acceso privilegiado a la matriz.

17 Jul 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-17 16:15

Updated : 2025-04-10 15:16

NVD link : CVE-2023-4976

Mitre link : CVE-2023-4976

CVE.ORG link : CVE-2023-4976

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-4976", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@purestorage.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-07-17T16:15:03.233", "references": [{"url": "https://www.purestorage.com/security", "source": "psirt@purestorage.com"}, {"url": "https://purestorage.com/security", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@purestorage.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array."}, {"lang": "es", "value": "Existe una falla en Purity//FB por la cual se permite que una cuenta local se autentique en la interfaz de administraci\u00f3n utilizando un m\u00e9todo no deseado que permite a un atacante obtener acceso privilegiado a la matriz."}], "lastModified": "2025-04-10T15:16:01.880", "sourceIdentifier": "psirt@purestorage.com"}