Pure FlashArray and FlashBlade Vulnerability: Remote Command Execution via SNMP
CVE-2024-0005

8.8HIGH

Key Information:

Vendor: Purestorage
Status: Flasharray; Flashblade
Vendor: CVE Published:; 23 September 2024

🔔 Create Purestorage Vulnerability Alert

What is CVE-2024-0005?

A vulnerability exists in the Purity software of both FlashArray and FlashBlade products from Pure Storage that allows a malicious user to execute arbitrary commands remotely. This occurs through a specifically crafted SNMP configuration, creating significant security risks for users. Affected users are urged to review their SNMP configurations and update to the latest security patches provided by Pure Storage to mitigate potential exploitation.

Affected Version(s)

FlashArray Purity 5.0.0 <= 5.0.11

FlashArray Purity 5.1.0 <= 5.1.17

FlashArray Purity 5.2.0 <= 5.2.7

References

https://purestorage.com/security

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2024
Vulnerability Reserved
Nov 1, 2023