CVE-2024-0005
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
23/09/2024
Last modified:
27/09/2024
Description
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 5.0.0 (including) | 5.0.11 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 5.1.0 (including) | 5.1.17 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 5.2.0 (including) | 5.2.7 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 5.3.0 (including) | 5.3.21 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 6.0.0 (including) | 6.0.9 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 6.1.0 (including) | 6.1.25 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 6.2.0 (including) | 6.2.17 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 6.3.0 (including) | 6.3.14 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:*:*:*:*:*:*:*:* | 6.4.0 (including) | 6.4.10 (including) |
| cpe:2.3:a:purestorage:purity\/\/fa:6.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:purestorage:purity\/\/fa:6.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:purestorage:purity\/\/fb:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.0.9 (including) |
| cpe:2.3:a:purestorage:purity\/\/fb:*:*:*:*:*:*:*:* | 3.1.0 (including) | 3.1.5 (including) |
| cpe:2.3:a:purestorage:purity\/\/fb:*:*:*:*:*:*:*:* | 3.2.0 (including) | 3.2.10 (including) |
| cpe:2.3:a:purestorage:purity\/\/fb:*:*:*:*:*:*:*:* | 3.3.0 (including) | 3.3.11 (including) |
To consult the complete list of CPE names with products and versions, see this page