PT-2024-23497 · Pure Storage · Pure Storage Flasharray
Published 2024-10-08 · Updated 2024-10-13 · CVE-2024-3057
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PureStorage FlashArray versions up to 6.6.5
Description
A flaw exists in PureStorage FlashArray, allowing a user to make a specific call to a FlashArray endpoint which enables privilege escalation. This issue can lead to improper privilege management, potentially resulting in unauthorized access and data compromise.
Recommendations
For PureStorage FlashArray versions up to 6.6.5, patch immediately to mitigate the risk of unauthorized access and potential data compromise. As a temporary workaround, consider restricting access to the vulnerable FlashArray endpoint until a patch is applied.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Pure Storage Flasharray