Vulnerabilities > CVE-2023-32572 - Unspecified vulnerability in Purestorage Purity//Fa

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

purestorage

NVD

Published: 2023-10-03

Updated: 2024-09-23

Summary

A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.

Vulnerable Configurations

Part	Description	Count
Application	Purestorage Purestorage Purity//Fa 6.4.0 Purestorage Purity//Fa 6.4.1 Purestorage Purity//Fa 6.3.0 Purestorage Purity//Fa 6.3.1 Purestorage Purity//Fa 6.3.2 Purestorage Purity//Fa 6.3.3 Purestorage Purity//Fa 6.3.4 Purestorage Purity//Fa 6.3.5 Purestorage Purity//Fa 6.3.6 Purestorage Purity//Fa 6.3.7	10

References

https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572