CVE-2024-0005

EUVD-2024-15808
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
purestoragepurity\/\/fa
5.0.0 ≤
𝑥
≤ 5.0.11
purestoragepurity\/\/fa
5.1.0 ≤
𝑥
≤ 5.1.17
purestoragepurity\/\/fa
5.2.0 ≤
𝑥
≤ 5.2.7
purestoragepurity\/\/fa
5.3.0 ≤
𝑥
≤ 5.3.21
purestoragepurity\/\/fa
6.0.0 ≤
𝑥
≤ 6.0.9
purestoragepurity\/\/fa
6.1.0 ≤
𝑥
≤ 6.1.25
purestoragepurity\/\/fa
6.2.0 ≤
𝑥
≤ 6.2.17
purestoragepurity\/\/fa
6.3.0 ≤
𝑥
≤ 6.3.14
purestoragepurity\/\/fa
6.4.0 ≤
𝑥
≤ 6.4.10
purestoragepurity\/\/fa
6.5.0
purestoragepurity\/\/fa
6.6.0
purestoragepurity\/\/fb
3.0.0 ≤
𝑥
≤ 3.0.9
purestoragepurity\/\/fb
3.1.0 ≤
𝑥
≤ 3.1.5
purestoragepurity\/\/fb
3.2.0 ≤
𝑥
≤ 3.2.10
purestoragepurity\/\/fb
3.3.0 ≤
𝑥
≤ 3.3.11
purestoragepurity\/\/fb
4.0.0 ≤
𝑥
≤ 4.0.6
purestoragepurity\/\/fb
4.1.0 ≤
𝑥
≤ 4.1.10
purestoragepurity\/\/fb
4.2.0 ≤
𝑥
≤ 4.2.3
purestoragepurity\/\/fb
4.3.0
purestoragepurity\/\/fb
4.3.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
purestorageflasharray
5.0.0 ≤
𝑥
≤ 5.0.11
ADP
purestorageflasharray
5.1.0 ≤
𝑥
≤ 5.1.17
ADP
purestorageflasharray
5.2.0 ≤
𝑥
≤ 5.2.7
ADP
purestorageflasharray
5.3.0 ≤
𝑥
≤ 5.3.21
ADP
purestorageflasharray
6.0.0 ≤
𝑥
≤ 6.0.9
ADP
purestorageflasharray
6.1.0 ≤
𝑥
≤ 6.1.25
ADP
purestorageflasharray
6.2.0 ≤
𝑥
≤ 6.2.17
ADP
purestorageflasharray
6.3.0 ≤
𝑥
≤ 6.3.14
ADP
purestorageflasharray
6.4.0 ≤
𝑥
≤ 6.4.10
ADP
purestorageflashblade
3.0.0 ≤
𝑥
≤ 3.0.9
ADP
purestorageflashblade
3.1.0 ≤
𝑥
≤ 3.1.15
ADP
purestorageflashblade
3.2.0 ≤
𝑥
≤ 3.2.10
ADP
purestorageflashblade
3.3.0 ≤
𝑥
≤ 3.3.11
ADP
purestorageflashblade
4.0.0 ≤
𝑥
≤ 4.0.6
ADP
purestorageflashblade
4.1.0 ≤
𝑥
≤ 4.1.10
ADP
purestorageflashblade
4.2.0 ≤
𝑥
≤ 4.2.3
ADP
purestorageflashblade
4.3.0 ≤
𝑥
≤ 4.3.1
ADP
Common Weakness Enumeration
References
https://purestorage.com/security