FlashArray, FlashBlade at Risk: Pure Storage Reveals CVSS 10 Vulnerabilities

Summary: Pure Storage has issued a critical security advisory regarding multiple high-severity vulnerabilities in its FlashArray and FlashBlade storage systems, some rated with a maximum CVSS score of 10. These vulnerabilities could allow attackers to execute arbitrary code, gain unauthorized access, and disrupt critical operations.

Threat Actor: Malicious Actors
Victim: Pure Storage Customers | Pure Storage

Key Points:

  • Multiple vulnerabilities identified, including CVE-2024-0001 and CVE-2024-0002, both with a CVSS score of 10.
  • Vulnerabilities could lead to privilege escalation, unauthorized remote access, and remote command execution.
  • Pure Storage has released patches and updates for affected versions of FlashArray and FlashBlade systems.
  • Organizations are urged to apply patches immediately to protect sensitive data.

Pure Storage has released a critical security advisory detailing multiple high-severity vulnerabilities impacting its FlashArray and FlashBlade storage systems. These vulnerabilities, some with a maximum CVSS score of 10, could enable malicious actors to execute arbitrary code, gain unauthorized access, and potentially disrupt critical operations.

Vulnerabilities and Potential Impact:

  • CVE-2024-0001 (CVSS 10): Local Configuration Account Vulnerability: An active local configuration account could lead to privilege escalation.
  • CVE-2024-0002 (CVSS 10): Remote Access via Privileged Accounts: Privileged accounts could be exploited to gain unauthorized remote access to the array.
  • CVE-2024-0003 (CVSS 9.1): Remote Account Creation: Malicious users could create privileged accounts through remote administrative services.
  • CVE-2024-0004 (CVSS 9.1): Remote Command Execution: Array administrators could execute arbitrary commands remotely, leading to potential privilege escalation.
  • CVE-2024-0005 (CVSS 9.1): SNMP Configuration Exploitation: Crafted SNMP configurations could enable remote command execution.

Affected Versions and Remediation:

A wide range of FlashArray and FlashBlade Purity versions are affected. Pure Storage has swiftly responded to these vulnerabilities by providing patches and updates. The security flaws have been addressed in the following releases:

  • FlashArray: Purity//FA versions 6.3.15, 6.5.1, and 6.6.1 or later
  • FlashBlade: Purity//FB versions 4.1.12 and 4.3.2 or later

Customers are urged to immediately apply the self-service patch bundle or upgrade to the latest unaffected Purity versions to mitigate the risks posed by these vulnerabilities.
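As an added example (not from Pure Storage or the original article), the Python sketch below triages an inventory of Purity versions against the fixed releases listed above. The inventory rows and system names are constructed, and treating a branch newer than the newest listed one as fixed is an assumed reading of "or later"; any other unlisted branch is flagged for review against the vendor advisory.

```python
import re

# Fixed releases exactly as listed on this page, keyed by (major, minor) branch.
FIXED = {
    "FA": {(6, 3): (6, 3, 15), (6, 5): (6, 5, 1), (6, 6): (6, 6, 1)},
    "FB": {(4, 1): (4, 1, 12), (4, 3): (4, 3, 2)},
}

def parse_version(text):
    """Turn 'major.minor.patch' into a tuple of ints; reject anything else."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognized Purity version: {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(product, version_text):
    """Return 'fixed', 'upgrade' or 'review' for one system."""
    branches = FIXED[product]
    version = parse_version(version_text)
    branch = version[:2]
    if branch in branches:
        # Integer tuples compare numerically, so 6.3.9 sorts below 6.3.15.
        return "fixed" if version >= branches[branch] else "upgrade"
    if branch > max(branches):
        # Assumption: "or later" covers branches newer than the newest listed one.
        return "fixed"
    # Branch not listed on this page: confirm against the vendor advisory.
    return "review"

def report(inventory):
    """Triage every (name, product, version) row; most urgent rows first."""
    order = {"upgrade": 0, "review": 1, "fixed": 2}
    rows = [(name, product, ver, triage(product, ver)) for name, product, ver in inventory]
    return sorted(rows, key=lambda row: order[row[3]])

# Constructed inventory: system names and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("array-01", "FA", "6.3.15"),
    ("array-02", "FA", "6.3.9"),
    ("array-03", "FA", "6.4.10"),
    ("blade-01", "FB", "4.1.12"),
    ("blade-02", "FB", "4.3.1"),
]

if __name__ == "__main__":
    for name, product, ver, status in report(SAMPLE_INVENTORY):
        print(f"{name:10} Purity//{product} {ver:8} {status}")
```

Comparing parsed integer tuples rather than raw strings matters here: as strings, "6.3.9" sorts above "6.3.15" and an unpatched array would be reported as fixed.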

Urgency and Security Implications:

These vulnerabilities pose a significant risk to the confidentiality, integrity, and availability of sensitive data stored on FlashArray and FlashBlade systems. Organizations are strongly encouraged to take immediate action to mitigate these risks.


Source: https://securityonline.info/flasharray-flashblade-at-risk-pure-storage-reveals-cvss-10-vulnerabilities
