CVE-2023-28373 - OpenCVE

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Purestorage	Purity\/\/fa

Configuration 1 [-]

OR	cpe:2.3:a:purestorage:purity\/\/fa::::::::
	cpe:2.3:a:purestorage:purity\/\/fa::::::::
	cpe:2.3:a:purestorage:purity\/\/fa::::::::
	cpe:2.3:a:purestorage:purity\/\/fa:6.4.0:::::::*

No data.

References

Link	Providers
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373

History

No history.

MITRE

Status: PUBLISHED

Assigner: PureStorage

Published: 2023-10-02T23:02:31.591Z

Updated: 2024-08-02T12:38:24.928Z

Reserved: 2023-03-15T04:06:47.635Z

Link: CVE-2023-28373

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-10-03T00:15:09.913

Modified: 2023-10-05T15:39:04.883

Link: CVE-2023-28373

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28373", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2023-03-15T04:06:47.635Z", "datePublished": "2023-10-02T23:02:31.591Z", "dateUpdated": "2024-08-02T12:38:24.928Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["SafeMode"], "product": "FlashArray Purity", "vendor": "Pure Storage", "versions": [{"lessThanOrEqual": "6.1.22", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "custom"}, {"lessThanOrEqual": "6.3.6", "status": "affected", "version": "6.3.0", "versionType": "custom"}, {"status": "affected", "version": "6.4.0"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Mountain America Credit Union (MACU) "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. </span><br>"}], "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2023-10-02T23:02:31.591Z"}, "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later</span><br>"}], "value": "This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\n"}], "source": {"discovery": "USER"}, "title": "FlashArray SafeMode Immutable Vulnerability ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:24.928Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F59FAA6-8982-4800-A1C4-10F22D48EC8A", "versionEndIncluding": "6.1.22", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FFCC8E3-F18E-4013-AE72-7C2FBB9AAA73", "versionEndIncluding": "6.2.15", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C2DB4EF-77FB-43E8-B87B-D1B8173BB6EB", "versionEndIncluding": "6.3.6", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B9E8C5D-640F-42DB-8842-5D381EF9FF35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n"}, {"lang": "es", "value": "Existe una falla en FlashArray Purity por la cual un administrador de matriz, al configurar un administrador de claves externo, puede afectar la disponibilidad de los datos en el sistema, incluidas las instant\u00e1neas protegidas por SafeMode."}], "id": "CVE-2023-28373", "lastModified": "2023-10-05T15:39:04.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "psirt@purestorage.com", "type": "Secondary"}]}, "published": "2023-10-03T00:15:09.913", "references": [{"source": "psirt@purestorage.com", "tags": ["Vendor Advisory"], "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}