CVE-2022-32554
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x y versiones anteriores de Purity//FB son vulnerables a las credenciales posiblemente expuestas para acceder a la interfaz de gestión del producto. La contraseña puede ser conocida fuera de Pure Storage y podría ser usada en un sistema afectado, si es accesible, para ejecutar instrucciones arbitrarias con privilegios de root. Ningún otro producto o servicio de Pure Storage está afectado. La solución está disponible en Pure Storage por medio de un parche de autoservicio "opt-in", la aplicación manual del parche o una actualización del software a una versión no afectada del software Purity
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-08 CVE Reserved
- 2022-06-22 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | < 5.3.18 Search vendor "Purestorage" for product "Purity\/\/fa" and version " < 5.3.18" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | >= 6.0.0 < 6.0.9 Search vendor "Purestorage" for product "Purity\/\/fa" and version " >= 6.0.0 < 6.0.9" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | >= 6.1.0 < 6.1.13 Search vendor "Purestorage" for product "Purity\/\/fa" and version " >= 6.1.0 < 6.1.13" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fa Search vendor "Purestorage" for product "Purity\/\/fa" | >= 6.2.0 < 6.2.4 Search vendor "Purestorage" for product "Purity\/\/fa" and version " >= 6.2.0 < 6.2.4" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fb Search vendor "Purestorage" for product "Purity\/\/fb" | < 3.1.13 Search vendor "Purestorage" for product "Purity\/\/fb" and version " < 3.1.13" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fb Search vendor "Purestorage" for product "Purity\/\/fb" | >= 3.2.0 < 3.2.5 Search vendor "Purestorage" for product "Purity\/\/fb" and version " >= 3.2.0 < 3.2.5" | - |
Affected
| ||||||
| Purestorage Search vendor "Purestorage" | Purity\/\/fb Search vendor "Purestorage" for product "Purity\/\/fb" | >= 3.3.0 < 3.3.1 Search vendor "Purestorage" for product "Purity\/\/fb" and version " >= 3.3.0 < 3.3.1" | - |
Affected
| ||||||