CVE-2023-36628

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/10/2023
Last modified:
23/09/2024

Description

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.<br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* 6.1.0 (including) 6.3.11 (including)
cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* 6.4.0 (including) 6.4.5 (including)