FlashArray SafeMode Immutable Vulnerability
CVE-2023-28373

4.4MEDIUM

Key Information:

Vendor: Pure Storage
Status: Flasharray Purity
Vendor: CVE Published:; 3 October 2023

🔔 Create Pure Storage Vulnerability Alert

What is CVE-2023-28373?

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

Affected Version(s)

FlashArray Purity 6.1.0 <= 6.1.22

FlashArray Purity 6.2.0 <= 6.2.15

FlashArray Purity 6.3.0 <= 6.3.6

References

https://support.purestorage.com/Employee_Handbooks/Techni...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Mar 15, 2023

Credit

Mountain America Credit Union (MACU)