CVE-2024-0005 (GCVE-0-2024-0005)

Vulnerability from cvelistv5 – Published: 2024-09-23 17:34 – Updated: 2024-09-24 13:49
VLAI?
Summary
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
Vendor Product Version
PureStorage FlashArray Affected: 5.0.0 , ≤ 5.0.11 (custom)
Affected: 5.1.0 , ≤ 5.1.17 (custom)
Affected: 5.2.0 , ≤ 5.2.7 (custom)
Affected: 5.3.0 , ≤ 5.3.21 (custom)
Affected: 6.0.0 , ≤ 6.0.9 (custom)
Affected: 6.1.0 , ≤ 6.1.25 (custom)
Affected: 6.2.0 , ≤ 6.2.17 (custom)
Affected: 6.3.0 , ≤ 6.3.14 (custom)
Affected: 6.4.0 , ≤ 6.4.10 (custom)
Affected: 6.5.0
Affected: 6.6.0
Create a notification for this product.
    PureStorage FlashBlade Affected: 3.0.0 , ≤ 3.0.9 (custom)
Affected: 3.1.0 , ≤ 3.1.15 (custom)
Affected: 3.2.0 , ≤ 3.2.10 (custom)
Affected: 3.3.0 , ≤ 3.3.11 (custom)
Affected: 4.0.0 , ≤ 4.0.6 (custom)
Affected: 4.1.0 , ≤ 4.1.10 (custom)
Affected: 4.2.0 , ≤ 4.2.3 (custom)
Affected: 4.3.0 , ≤ 4.3.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flasharray",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "5.0.11",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.1.17",
                "status": "affected",
                "version": "5.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.2.7",
                "status": "affected",
                "version": "5.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.3.21",
                "status": "affected",
                "version": "5.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.0.9",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.1.25",
                "status": "affected",
                "version": "6.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.2.17",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.3.14",
                "status": "affected",
                "version": "6.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.4.10",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "6.5.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flasharray",
            "vendor": "purestorage",
            "versions": [
              {
                "status": "affected",
                "version": "6.6.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "3.0.9",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "3.1.15",
                "status": "affected",
                "version": "3.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "3.2.10",
                "status": "affected",
                "version": "3.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "3.3.11",
                "status": "affected",
                "version": "3.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "4.0.6",
                "status": "affected",
                "version": "4.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "4.1.10",
                "status": "affected",
                "version": "4.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "4.2.3",
                "status": "affected",
                "version": "4.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flashblade",
            "vendor": "purestorage",
            "versions": [
              {
                "lessThanOrEqual": "4.3.1",
                "status": "affected",
                "version": "4.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:38:08.230078Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T13:49:20.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Purity"
          ],
          "product": "FlashArray",
          "vendor": "PureStorage",
          "versions": [
            {
              "lessThanOrEqual": "5.0.11",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.1.17",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.2.7",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.3.21",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.25",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.2.17",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.3.14",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.5.0"
            },
            {
              "status": "affected",
              "version": "6.6.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Purity"
          ],
          "product": "FlashBlade",
          "vendor": "PureStorage",
          "versions": [
            {
              "lessThanOrEqual": "3.0.9",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.1.15",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.2.10",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.3.11",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.1.10",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.2.3",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.3.1",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
            }
          ],
          "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-23T17:34:11.321Z",
        "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "shortName": "PureStorage"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://purestorage.com/security"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashBlade Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.1.12 or later\n\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.3.2 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity  releases:\n\n  *  Purity//FA versions 6.3.15 or later \n  *  Purity//FA versions 6.5.1 or later \n  *  Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity  releases:\n\n  *  Purity//FB versions 4.1.12 or later\n\n  *  Purity//FB versions 4.3.2 or later"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
    "assignerShortName": "PureStorage",
    "cveId": "CVE-2024-0005",
    "datePublished": "2024-09-23T17:34:11.321Z",
    "dateReserved": "2023-11-01T17:10:20.833Z",
    "dateUpdated": "2024-09-24T13:49:20.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndIncluding\": \"5.0.11\", \"matchCriteriaId\": \"DB4713BD-F013-4129-B3B8-0B95CE69D8A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1.0\", \"versionEndIncluding\": \"5.1.17\", \"matchCriteriaId\": \"D5C7A1D2-E2AE-4737-AF3D-B46AFA52DBD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2.0\", \"versionEndIncluding\": \"5.2.7\", \"matchCriteriaId\": \"FA0303FA-81E7-41F8-B8F4-AD571E2B8D13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.3.0\", \"versionEndIncluding\": \"5.3.21\", \"matchCriteriaId\": \"A1077938-9AEC-446A-BF07-ECEF798889E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.9\", \"matchCriteriaId\": \"DA37DE8B-32EB-4BDD-808B-0DDF18ADC33C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndIncluding\": \"6.1.25\", \"matchCriteriaId\": \"C01E4DAE-CAA7-4EF9-B47D-B400E36B97F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.17\", \"matchCriteriaId\": \"3311847D-BE5E-4435-9B1B-DF8824DF55B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.3.0\", \"versionEndIncluding\": \"6.3.14\", \"matchCriteriaId\": \"A81E5420-C4D6-42CD-93EB-0B0BCB01F918\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.4.0\", \"versionEndIncluding\": \"6.4.10\", \"matchCriteriaId\": \"07C73EC4-5F8C-422B-971F-0C8445E72145\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B75DE0E-3A1F-401A-85B0-EB7B7C8248D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:6.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BDB3666-13AA-4908-9CB9-4426A7F6ED56\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.0.9\", \"matchCriteriaId\": \"2A921EA5-4877-4CA2-AA23-801C56890632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1.0\", \"versionEndIncluding\": \"3.1.5\", \"matchCriteriaId\": \"06BC3E85-9263-4BA8-9B6B-2FCEC0620746\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.2.0\", \"versionEndIncluding\": \"3.2.10\", \"matchCriteriaId\": \"8BD275B2-1F43-4B7B-9E68-49E0D07FA5B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.3.0\", \"versionEndIncluding\": \"3.3.11\", \"matchCriteriaId\": \"46E8FF81-4F41-4B5D-B602-5C32B1B57602\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndIncluding\": \"4.0.6\", \"matchCriteriaId\": \"6491F180-CB5E-4790-B7EF-618840C71E06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.0\", \"versionEndIncluding\": \"4.1.10\", \"matchCriteriaId\": \"5B9D88CE-6331-4E11-B4C0-5DAD0B73911A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2.0\", \"versionEndIncluding\": \"4.2.3\", \"matchCriteriaId\": \"202A85B4-5F81-4559-9326-12830063D99F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:4.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F372AC2-12D1-4CD7-923E-C8650C102C6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4CEF944-7552-41DF-993E-6D3B1463B548\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.\"}, {\"lang\": \"es\", \"value\": \"Existe una condici\\u00f3n en FlashArray y FlashBlade Purity por la cual un usuario malintencionado podr\\u00eda ejecutar comandos arbitrarios de forma remota a trav\\u00e9s de una configuraci\\u00f3n SNMP espec\\u00edficamente manipulada.\"}]",
      "id": "CVE-2024-0005",
      "lastModified": "2024-09-27T15:25:40.980",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@purestorage.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2024-09-23T18:15:05.233",
      "references": "[{\"url\": \"https://purestorage.com/security\", \"source\": \"psirt@purestorage.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@purestorage.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"psirt@purestorage.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0005\",\"sourceIdentifier\":\"psirt@purestorage.com\",\"published\":\"2024-09-23T18:15:05.233\",\"lastModified\":\"2024-09-27T15:25:40.980\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.\"},{\"lang\":\"es\",\"value\":\"Existe una condici\u00f3n en FlashArray y FlashBlade Purity por la cual un usuario malintencionado podr\u00eda ejecutar comandos arbitrarios de forma remota a trav\u00e9s de una configuraci\u00f3n SNMP espec\u00edficamente manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@purestorage.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@purestorage.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.0.11\",\"matchCriteriaId\":\"DB4713BD-F013-4129-B3B8-0B95CE69D8A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1.0\",\"versionEndIncluding\":\"5.1.17\",\"matchCriteriaId\":\"D5C7A1D2-E2AE-4737-AF3D-B46AFA52DBD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndIncluding\":\"5.2.7\",\"matchCriteriaId\":\"FA0303FA-81E7-41F8-B8F4-AD571E2B8D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndIncluding\":\"5.3.21\",\"matchCriteriaId\":\"A1077938-9AEC-446A-BF07-ECEF798889E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.9\",\"matchCriteriaId\":\"DA37DE8B-32EB-4BDD-808B-0DDF18ADC33C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndIncluding\":\"6.1.25\",\"matchCriteriaId\":\"C01E4DAE-CAA7-4EF9-B47D-B400E36B97F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.17\",\"matchCriteriaId\":\"3311847D-BE5E-4435-9B1B-DF8824DF55B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndIncluding\":\"6.3.14\",\"matchCriteriaId\":\"A81E5420-C4D6-42CD-93EB-0B0BCB01F918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.10\",\"matchCriteriaId\":\"07C73EC4-5F8C-422B-971F-0C8445E72145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B75DE0E-3A1F-401A-85B0-EB7B7C8248D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fa:6.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDB3666-13AA-4908-9CB9-4426A7F6ED56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.9\",\"matchCriteriaId\":\"2A921EA5-4877-4CA2-AA23-801C56890632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndIncluding\":\"3.1.5\",\"matchCriteriaId\":\"06BC3E85-9263-4BA8-9B6B-2FCEC0620746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndIncluding\":\"3.2.10\",\"matchCriteriaId\":\"8BD275B2-1F43-4B7B-9E68-49E0D07FA5B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndIncluding\":\"3.3.11\",\"matchCriteriaId\":\"46E8FF81-4F41-4B5D-B602-5C32B1B57602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.6\",\"matchCriteriaId\":\"6491F180-CB5E-4790-B7EF-618840C71E06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndIncluding\":\"4.1.10\",\"matchCriteriaId\":\"5B9D88CE-6331-4E11-B4C0-5DAD0B73911A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndIncluding\":\"4.2.3\",\"matchCriteriaId\":\"202A85B4-5F81-4559-9326-12830063D99F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F372AC2-12D1-4CD7-923E-C8650C102C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:purestorage:purity\\\\/\\\\/fb:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4CEF944-7552-41DF-993E-6D3B1463B548\"}]}]}],\"references\":[{\"url\":\"https://purestorage.com/security\",\"source\":\"psirt@purestorage.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0005\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T13:38:08.230078Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flasharray\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.0.11\"}, {\"status\": \"affected\", \"version\": \"5.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.1.17\"}, {\"status\": \"affected\", \"version\": \"5.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.2.7\"}, {\"status\": \"affected\", \"version\": \"5.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.3.21\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.0.9\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.1.25\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.2.17\"}, {\"status\": \"affected\", \"version\": \"6.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.3.14\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4.10\"}, {\"status\": \"affected\", \"version\": \"6.5.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flasharray\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.6.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.1.15\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.2.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.11\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.0.6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.1.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.2.3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"purestorage\", \"product\": \"flashblade\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.3.1\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T13:40:46.240Z\"}}], \"cna\": {\"source\": {\"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PureStorage\", \"product\": \"FlashArray\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.0.11\"}, {\"status\": \"affected\", \"version\": \"5.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.1.17\"}, {\"status\": \"affected\", \"version\": \"5.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.2.7\"}, {\"status\": \"affected\", \"version\": \"5.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.3.21\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.0.9\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.1.25\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.2.17\"}, {\"status\": \"affected\", \"version\": \"6.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.3.14\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.4.10\"}, {\"status\": \"affected\", \"version\": \"6.5.0\"}, {\"status\": \"affected\", \"version\": \"6.6.0\"}], \"platforms\": [\"Purity\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PureStorage\", \"product\": \"FlashBlade\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0.9\"}, {\"status\": \"affected\", \"version\": \"3.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.1.15\"}, {\"status\": \"affected\", \"version\": \"3.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.2.10\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.11\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.0.6\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.1.10\"}, {\"status\": \"affected\", \"version\": \"4.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.2.3\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.3.1\"}], \"platforms\": [\"Purity\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\\n\\n\\n\\nThis issue is resolved in the following\\u00a0FlashArray Purity  releases:\\n\\n  *  Purity//FA versions 6.3.15 or later \\n  *  Purity//FA versions 6.5.1 or later \\n  *  Purity//FA versions 6.6.1 or later.\\n\\n\\nThis issue is resolved in the following\\u00a0FlashBlade Purity  releases:\\n\\n  *  Purity//FB versions 4.1.12 or later\\n\\n  *  Purity//FB versions 4.3.2 or later\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\\n\u003cbr\u003e\\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThis issue is resolved in the following\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;FlashBlade Purity \u003c/span\u003e releases:\\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePurity//FB versions 4.1.12 or later\\n\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePurity//FB versions 4.3.2 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://purestorage.com/security\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"3895c224-4e1d-482a-adb3-fa64795683ac\", \"shortName\": \"PureStorage\", \"dateUpdated\": \"2024-09-23T17:34:11.321Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0005\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-24T13:49:20.771Z\", \"dateReserved\": \"2023-11-01T17:10:20.833Z\", \"assignerOrgId\": \"3895c224-4e1d-482a-adb3-fa64795683ac\", \"datePublished\": \"2024-09-23T17:34:11.321Z\", \"assignerShortName\": \"PureStorage\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.