CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2024-0005
https://notcve.org/view.php?id=CVE-2024-0005
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. • https://purestorage.com/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-0004
https://notcve.org/view.php?id=CVE-2024-0004
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. • https://purestorage.com/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0003
https://notcve.org/view.php?id=CVE-2024-0003
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. • https://purestorage.com/security • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0002
https://notcve.org/view.php?id=CVE-2024-0002
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. • https://purestorage.com/security • CWE-287: Improper Authentication •