Purestorage Purity Fa vulnerabilities
11 known vulnerabilities affecting purestorage/purity_fa.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2022-32554 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.3.18 | ≥ 6.0.0, < 6.0.9 | +2 more | 2022-06-23
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s m
nvd
CVE-2024-0002 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | ≥ 5.3.17, ≤ 5.3.21 | ≥ 6.0.7, ≤ 6.0.9 | +5 more | 2024-09-23
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
nvd
CVE-2024-0005 | P3 | HIGH | CVSS 8.8 | CWE-77 | ≥ 5.0.0, ≤ 5.0.11 | ≥ 5.1.0, ≤ 5.1.17 | +9 more | 2024-09-23
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
nvd
CVE-2024-0001 | P3 | CRITICAL | CVSS 9.8 | CWE-1188 | ≥ 6.3.0, ≤ 6.3.14 | ≥ 6.4.0, ≤ 6.4.10 | 2024-09-23
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
nvd
CVE-2022-32552 | P3 | HIGH | CVSS 8.8 | fixed in 5.3.18 | ≥ 6.0.0, < 6.0.9 | +2 more | 2022-06-23
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environm
nvd
CVE-2022-32553 | P3 | HIGH | CVSS 8.8 | fixed in 5.3.18 | ≥ 6.0.0, < 6.0.9 | +2 more | 2022-06-23
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment var
nvd
CVE-2023-36628 | P3 | HIGH | CVSS 8.8 | CWE-269 | ≥ 6.1.0, ≤ 6.3.11 | ≥ 6.4.0, ≤ 6.4.5 | 2023-10-03
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
nvd
CVE-2024-0004 | P3 | HIGH | CVSS 7.2 | CWE-94 | ≥ 5.0.0, ≤ 5.0.11 | ≥ 5.1.0, ≤ 5.1.17 | +8 more | 2024-09-23
A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
nvd
CVE-2024-0003 | P3 | HIGH | CVSS 7.2 | CWE-269 | ≥ 5.3.17, ≤ 5.3.21 | ≥ 6.0.7, ≤ 6.0.9 | +5 more | 2024-09-23
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
nvd
CVE-2023-32572 | P4 | MEDIUM | CVSS 4.9 | CWE-284 | ≥ 6.3.0, ≤ 6.3.7 | ≥ 6.4.0, ≤ 6.4.1 | 2023-10-03
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
nvd
CVE-2023-28373 | P4 | LOW | CVSS 2.7 | ≥ 6.1.0, ≤ 6.1.22 | ≥ 6.2.0, ≤ 6.2.15 | +2 more | 2023-10-03
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
nvd