CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3057
https://notcve.org/view.php?id=CVE-2024-3057
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. • https://support.purestorage.com/category/m_pure_storage_product_security • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2024-0005
https://notcve.org/view.php?id=CVE-2024-0005
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. • https://purestorage.com/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-0004
https://notcve.org/view.php?id=CVE-2024-0004
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. • https://purestorage.com/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0003
https://notcve.org/view.php?id=CVE-2024-0003
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. • https://purestorage.com/security • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0002
https://notcve.org/view.php?id=CVE-2024-0002
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. • https://purestorage.com/security • CWE-287: Improper Authentication •