Privilege Escalation Vulnerability in Pure Storage FlashArray and FlashBlade
CVE-2022-32552

8.8 HIGH

Key Information:

Vendor
CVE Published: 23 June 2022

What is CVE-2022-32552?

Pure Storage FlashArray and FlashBlade products are susceptible to a privilege escalation vulnerability that allows a logged-in user to manipulate Python environment variables. Exploitation can let that user escape from a restricted shell to an unrestricted shell with root privileges. Multiple releases of Purity software are affected, so users of impacted products need to apply remediation measures. Pure Storage has provided a self-serve 'opt-in' patch, along with options for manual patch application or a software upgrade, to protect against this vulnerability.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
