Vulnerabilities > CVE-2023-28373 - Unspecified vulnerability in Purestorage Purity//Fa

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

purestorage

NVD

Published: 2023-10-03

Updated: 2023-10-05

Summary

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

Vulnerable Configurations

Part	Description	Count
Application	Purestorage Purestorage Purity//Fa 6.1.0 Purestorage Purity//Fa 6.1.12 Purestorage Purity//Fa 6.1.13 Purestorage Purity//Fa 6.2.0 Purestorage Purity//Fa 6.2.3 Purestorage Purity//Fa 6.2.4 Purestorage Purity//Fa 6.3.0 Purestorage Purity//Fa 6.4.0	8

References

https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373