CVE-2023-4976
CVE-2023-4976
9.3
CriticalPublished:
Last updated:
Source:psirt@purestorage.com
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
References
psirt@purestorage.com
https://www.purestorage.com/securityaf854a3a-2127-422b-91ae-364da2661108
https://purestorage.com/security