CVE-2022-32554

Name of the Vulnerable Software and Affected Versions Pure Storage FlashArray versions 5.2.x and prior, 5.3.0 through 5.3.17, 6.0.0 through 6.0.8, 6.1.0 through 6.1.12, 6.2.0 through 6.2.3 Pure Storage FlashBlade versions 3.0.x and prior, 3.1.0 through 3.1.12, 3.2.0 through 3.2.4, 3.3.0

Description The vulnerable software possibly exposes credentials for accessing the product's management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected.

Recommendations For Pure Storage FlashArray versions 5.2.x and prior, 5.3.0 through 5.3.17, 6.0.0 through 6.0.8, 6.1.0 through 6.1.12, 6.2.0 through 6.2.3, apply a self-serve "opt-in" patch, manually apply a patch, or upgrade to an unaffected version of Purity software. For Pure Storage FlashBlade versions 3.0.x and prior, 3.1.0 through 3.1.12, 3.2.0 through 3.2.4, 3.3.0, apply a self-serve "opt-in" patch, manually apply a patch, or upgrade to an unaffected version of Purity software.