CVE-2023-4976

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

CVSS

No CVSS.

References

Link	Resource
https://www.purestorage.com/security
https://purestorage.com/security

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-17 16:15

Updated : 2025-04-10 15:16

NVD link : CVE-2023-4976

Mitre link : CVE-2023-4976

CVE.ORG link : CVE-2023-4976

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-4976", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@purestorage.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-07-17T16:15:03.233", "references": [{"url": "https://www.purestorage.com/security", "source": "psirt@purestorage.com"}, {"url": "https://purestorage.com/security", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@purestorage.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array."}, {"lang": "es", "value": "Existe una falla en Purity//FB por la cual se permite que una cuenta local se autentique en la interfaz de administraci\u00f3n utilizando un m\u00e9todo no deseado que permite a un atacante obtener acceso privilegiado a la matriz."}], "lastModified": "2025-04-10T15:16:01.880", "sourceIdentifier": "psirt@purestorage.com"}

CVE-2023-4976

JSON object

Attach tags to CVE-2023-4976

Attach tags to `CVE-2023-4976`