CVE-2022-32553
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1. 12, 3.0.x y versiones anteriores de Purity//FB son vulnerables a una escalada de privilegios por medio de la manipulación de variables de entorno que puede ser explotada por un usuario conectado para escapar de un shell restringido a un shell sin restricciones con privilegios de root. Ningún otro producto o servicio de Pure Storage está afectado. La mitigación está disponible en Pure Storage por medio de un parche de autoservicio "opt-in", la aplicación de un parche manual o una actualización de software a una versión no afectada del software Purity
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-08 CVE Reserved
- 2022-06-22 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | < 5.3.18 Search vendor "Purestorage" for product "Purity\/\/fa" and version " < 5.3.18" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | >= 6.0.0 < 6.0.9 Search vendor "Purestorage" for product "Purity\/\/fa" and version " >= 6.0.0 < 6.0.9" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | >= 6.1.0 < 6.1.13 Search vendor "Purestorage" for product "Purity\/\/fa" and version " >= 6.1.0 < 6.1.13" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | >= 6.2.0 < 6.2.4 Search vendor "Purestorage" for product "Purity\/\/fa" and version " >= 6.2.0 < 6.2.4" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fb Search vendor "Purestorage" for product "Purity\/\/fb" | < 3.1.13 Search vendor "Purestorage" for product "Purity\/\/fb" and version " < 3.1.13" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fb Search vendor "Purestorage" for product "Purity\/\/fb" | >= 3.2.0 < 3.2.5 Search vendor "Purestorage" for product "Purity\/\/fb" and version " >= 3.2.0 < 3.2.5" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fb Search vendor "Purestorage" for product "Purity\/\/fb" | >= 3.3.0 < 3.3.1 Search vendor "Purestorage" for product "Purity\/\/fb" and version " >= 3.3.0 < 3.3.1" | - |
Affected
| ||||||