Vulnerabilities > CVE-2023-36628 - Unspecified vulnerability in Purestorage Purity//Fa

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-10-03

Updated: 2023-10-05

Summary

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Part	Description	Count
Application	Purestorage Purestorage Purity//Fa 6.1.0 Purestorage Purity//Fa 6.1.12 Purestorage Purity//Fa 6.1.13 Purestorage Purity//Fa 6.2.0 Purestorage Purity//Fa 6.2.3 Purestorage Purity//Fa 6.2.4 Purestorage Purity//Fa 6.3.0 Purestorage Purity//Fa *	8