CVE-2024-0004
published 2024-09-23CVE-2024-0004: A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
PriorityP346high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.65%
46.4th percentile
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| purestorage | flasharray | — | — |
| purestorage | flasharray | 5.0.0 – 5.0.11 | — |
| purestorage | flasharray | 5.1.0 – 5.1.17 | — |
| purestorage | flasharray | 5.2.0 – 5.2.7 | — |
| purestorage | flasharray | 5.3.0 – 5.3.21 | — |
| purestorage | flasharray | 6.0.0 – 6.0.9 | — |
| purestorage | flasharray | 6.1.0 – 6.1.25 | — |
| purestorage | flasharray | 6.2.0 – 6.2.17 | — |
| purestorage | flasharray | 6.3.0 – 6.3.14 | — |
| purestorage | flasharray | 6.4.0 – 6.4.10 | — |
| purestorage | purity_fa | — | — |
| purestorage | purity_fa | 5.0.0 – 5.0.11 | — |
| purestorage | purity_fa | 5.1.0 – 5.1.17 | — |
| purestorage | purity_fa | 5.2.0 – 5.2.7 | — |
| purestorage | purity_fa | 5.3.0 – 5.3.21 | — |
| purestorage | purity_fa | 6.0.0 – 6.0.9 | — |
| purestorage | purity_fa | 6.1.0 – 6.1.25 | — |
| purestorage | purity_fa | 6.2.0 – 6.2.17 | — |
| purestorage | purity_fa | 6.3.0 – 6.3.14 | — |
| purestorage | purity_fa | 6.4.0 – 6.4.10 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h9h6-4wfq-8vwm: A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the arr
ghsa_unreviewed·2024-09-23
CVE-2024-0004 [CRITICAL] CWE-94 GHSA-h9h6-4wfq-8vwm: A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the arr
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
VMware
VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)
vendor_vmware·2024-02-20·CVSS 6.7
CVE-2024-22235 [MEDIUM] VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)
VMSA-2024-0004: VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)
VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate Severity Range with a maximum CVSSv3 base score of 6.7.
CVEs: CVE-2024-22235
Affected products: VMware Aria, VMware Cloud Foundation
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-23
Published