CVE-2023-28373

EUVD-2023-32069
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
PureStorageCNA
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
purestoragepurity\/\/fa
6.1.0 ≤
𝑥
≤ 6.1.22
purestoragepurity\/\/fa
6.2.0 ≤
𝑥
≤ 6.2.15
purestoragepurity\/\/fa
6.3.0 ≤
𝑥
≤ 6.3.6
purestoragepurity\/\/fa
6.4.0
𝑥
= Vulnerable software versions
References
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373