CVE-2023-28373 (GCVE-0-2023-28373)
Vulnerability from cvelistv5 – Published: 2023-10-02 23:02 – Updated: 2024-09-23 13:43
VLAI?
Summary
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
Severity ?
4.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashArray Purity |
Affected:
6.1.0 , ≤ 6.1.22
(custom)
Affected: 6.2.0 , ≤ 6.2.15 (custom) Affected: 6.3.0 , ≤ 6.3.6 (custom) Affected: 6.4.0 |
Credits
Mountain America Credit Union (MACU)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:43:15.300807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:43:23.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SafeMode"
],
"product": "FlashArray Purity",
"vendor": "Pure Storage",
"versions": [
{
"lessThanOrEqual": "6.1.22",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.15",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.6",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mountain America Credit Union (MACU) "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T23:02:31.591Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\n"
}
],
"source": {
"discovery": "USER"
},
"title": "FlashArray SafeMode Immutable Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-28373",
"datePublished": "2023-10-02T23:02:31.591Z",
"dateReserved": "2023-03-15T04:06:47.635Z",
"dateUpdated": "2024-09-23T13:43:23.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndIncluding\": \"6.1.22\", \"matchCriteriaId\": \"3F59FAA6-8982-4800-A1C4-10F22D48EC8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.15\", \"matchCriteriaId\": \"7FFCC8E3-F18E-4013-AE72-7C2FBB9AAA73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.3.0\", \"versionEndIncluding\": \"6.3.6\", \"matchCriteriaId\": \"9C2DB4EF-77FB-43E8-B87B-D1B8173BB6EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:6.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B9E8C5D-640F-42DB-8842-5D381EF9FF35\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \\n\"}, {\"lang\": \"es\", \"value\": \"Existe una falla en FlashArray Purity por la cual un administrador de matriz, al configurar un administrador de claves externo, puede afectar la disponibilidad de los datos en el sistema, incluidas las instant\\u00e1neas protegidas por SafeMode.\"}]",
"id": "CVE-2023-28373",
"lastModified": "2024-11-21T07:54:56.747",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@purestorage.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.7, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}]}",
"published": "2023-10-03T00:15:09.913",
"references": "[{\"url\": \"https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373\", \"source\": \"psirt@purestorage.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@purestorage.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-28373\",\"sourceIdentifier\":\"psirt@purestorage.com\",\"published\":\"2023-10-03T00:15:09.913\",\"lastModified\":\"2024-11-21T07:54:56.747\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \\n\"},{\"lang\":\"es\",\"value\":\"Existe una falla en FlashArray Purity por la cual un administrador de matriz, al configurar un administrador de claves externo, puede afectar la disponibilidad de los datos en el sistema, incluidas las instant\u00e1neas protegidas por SafeMode.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@purestorage.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndIncluding\":\"6.1.22\",\"matchCriteriaId\":\"3F59FAA6-8982-4800-A1C4-10F22D48EC8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.15\",\"matchCriteriaId\":\"7FFCC8E3-F18E-4013-AE72-7C2FBB9AAA73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndIncluding\":\"6.3.6\",\"matchCriteriaId\":\"9C2DB4EF-77FB-43E8-B87B-D1B8173BB6EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B9E8C5D-640F-42DB-8842-5D381EF9FF35\"}]}]}],\"references\":[{\"url\":\"https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373\",\"source\":\"psirt@purestorage.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:38:24.928Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28373\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-23T13:43:15.300807Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-23T13:43:19.284Z\"}}], \"cna\": {\"title\": \"FlashArray SafeMode Immutable Vulnerability \", \"source\": {\"discovery\": \"USER\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Mountain America Credit Union (MACU) \"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Pure Storage\", \"modules\": [\"SafeMode\"], \"product\": \"FlashArray Purity\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.1.22\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.2.15\"}, {\"status\": \"affected\", \"version\": \"6.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.3.6\"}, {\"status\": \"affected\", \"version\": \"6.4.0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThis issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"3895c224-4e1d-482a-adb3-fa64795683ac\", \"shortName\": \"PureStorage\", \"dateUpdated\": \"2023-10-02T23:02:31.591Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-28373\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-23T13:43:23.214Z\", \"dateReserved\": \"2023-03-15T04:06:47.635Z\", \"assignerOrgId\": \"3895c224-4e1d-482a-adb3-fa64795683ac\", \"datePublished\": \"2023-10-02T23:02:31.591Z\", \"assignerShortName\": \"PureStorage\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…