CVE-2023-36628

Summary

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Affected Software

VendorProductVersion RangeStatus
Pure StorageFlashArray Purity6.1.*affected
Pure StorageFlashArray Purity6.2.*affected
Pure StorageFlashArray Purity6.3.0 <= 6.3.11affected
Pure StorageFlashArray Purity6.4.0 <= 6.4.5affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References