Privilege Escalation Vulnerability in Pure Storage FlashArray and FlashBlade Products
CVE-2022-32553

8.8HIGH

Key Information:

Vendor: Purestorage
Status: Purity\/\/fa
Vendor: CVE Published:; 23 June 2022

🔔 Create Purestorage Vulnerability Alert

What is CVE-2022-32553?

Certain Pure Storage FlashArray and FlashBlade products are susceptible to a privilege escalation vulnerability, allowing logged-in users to manipulate environment variables. This can enable an escape from a restricted shell environment to gain access to an unrestricted shell with root privileges, posing a significant risk to system integrity. Pure Storage has provided remediation options, including a self-serve ‘opt-in’ patch, manual patch application, or upgrading to unaffected versions of Purity software.

References

https://support.purestorage.com/Pure_Security/Security_Bu...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2022
Vulnerability Reserved
Jun 8, 2022