CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2024-0005
https://notcve.org/view.php?id=CVE-2024-0005
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. • https://purestorage.com/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4976 – FlashBlade Authentication Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-4976
A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. Existe una falla en Purity//FB por la cual se permite que una cuenta local se autentique en la interfaz de administración utilizando un método no deseado que permite a un atacante obtener acceso privilegiado a la matriz. • https://purestorage.com/security • CWE-269: Improper Privilege Management •