Potential Privilege Escalation Vulnerability in FlashArray Purity
CVE-2024-0001

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 23 September 2024

What is CVE-2024-0001?

A local account intended for the initial configuration of FlashArray Purity remains active, creating a security exposure. A malicious actor can exploit this still-active account, potentially gaining unauthorized access and elevated privileges within the system. Organizations using FlashArray Purity are advised to assess their security posture and implement necessary mitigations to protect against unauthorized access.

Affected Version(s)

FlashArray Purity 6.3.0 <= 6.3.14

FlashArray Purity 6.4.0 <= 6.4.10
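
One way to triage an inventory against the two ranges listed above, as an added example (not vendor code): the "name version" input format and the array names are assumptions, and the sample inventory is constructed. Versions are compared as integer tuples because a plain string comparison would rank 6.3.9 above 6.3.14.

```python
import re

# Affected ranges as listed on this page (both bounds inclusive).
AFFECTED_RANGES = [
    ((6, 3, 0), (6, 3, 14)),
    ((6, 4, 0), (6, 4, 10)),
]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not x.y.z."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(version_text):
    """True/False for a parseable version, None when it needs manual review."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Integer tuples compare numerically, so (6, 3, 9) < (6, 3, 14).
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory_text):
    """Sort 'name version' lines into affected, not_listed and unparsed."""
    result = {"affected": [], "not_listed": [], "unparsed": []}
    for line in inventory_text.splitlines():
        fields = line.split()
        if not fields:
            continue  # blank line
        verdict = is_affected(fields[1]) if len(fields) == 2 else None
        if verdict is None:
            result["unparsed"].append(fields[0])  # review by hand
        else:
            result["affected" if verdict else "not_listed"].append(fields[0])
    return result


# Constructed inventory with hypothetical array names, not real data.
SAMPLE_INVENTORY = """
array-a 6.3.9
array-b 6.3.14
array-c 6.3.15
array-d 6.4.10
array-e 6.4.11
array-f 6.5.0
array-g 6.4.x
"""

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(bucket, names)
```

"not_listed" means only that the version falls outside the ranges on this page; it is not a statement that the release is fixed.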

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
