CVE-2024-0005
https://notcve.org/view.php?id=CVE-2024-0005
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. • https://purestorage.com/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-0004
https://notcve.org/view.php?id=CVE-2024-0004
A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. • https://purestorage.com/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0003
https://notcve.org/view.php?id=CVE-2024-0003
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. • https://purestorage.com/security • CWE-269: Improper Privilege Management •
CVE-2024-0002
https://notcve.org/view.php?id=CVE-2024-0002
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. • https://purestorage.com/security • CWE-287: Improper Authentication •
CVE-2024-0001
https://notcve.org/view.php?id=CVE-2024-0001
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active, potentially allowing a malicious actor to gain elevated privileges. • https://github.com/jiupta/CVE-2024-0001-EXP https://purestorage.com/security • CWE-1188: Initialization of a Resource with an Insecure Default •