CVE-2023-4976
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PureStorage | FlashBlade | 3.3.5 <= 3.3.10 | affected |
| PureStorage | FlashBlade | 4.0.4 <= 4.0.6 | affected |
| PureStorage | FlashBlade | 4.1.0 <= 4.1.8 | affected |
| PureStorage | FlashBlade | 4.2.0 <= 4.2.2 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.