CVE-2024-0004

A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
References
Link Resource
https://purestorage.com/security Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:*

History

27 Sep 2024, 14:24

Type Values Removed Values Added
CPE cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:*
First Time Purestorage purity\/\/fa
Purestorage
References () https://purestorage.com/security - () https://purestorage.com/security - Vendor Advisory
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 7.2

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe una condición en FlashArray Purity por la cual un usuario con rol de administrador de matriz puede ejecutar comandos arbitrarios de forma remota para escalar privilegios en la matriz.

23 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-23 18:15

Updated : 2024-09-27 14:24


NVD link : CVE-2024-0004

Mitre link : CVE-2024-0004

CVE.ORG link : CVE-2024-0004


JSON object : View

Products Affected

purestorage

  • purity\/\/fa
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')