{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28373", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2023-03-15T04:06:47.635Z", "datePublished": "2023-10-02T23:02:31.591Z", "dateUpdated": "2024-09-23T13:43:23.214Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["SafeMode"], "product": "FlashArray Purity", "vendor": "Pure Storage", "versions": [{"lessThanOrEqual": "6.1.22", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "custom"}, {"lessThanOrEqual": "6.3.6", "status": "affected", "version": "6.3.0", "versionType": "custom"}, {"status": "affected", "version": "6.4.0"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Mountain America Credit Union (MACU) "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. </span><br>"}], "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2023-10-02T23:02:31.591Z"}, "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later</span><br>"}], "value": "This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\n"}], "source": {"discovery": "USER"}, "title": "FlashArray SafeMode Immutable Vulnerability ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:24.928Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T13:43:15.300807Z", "id": "CVE-2023-28373", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T13:43:23.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:24.928Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28373", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-23T13:43:15.300807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T13:43:19.284Z"}}], "cna": {"title": "FlashArray SafeMode Immutable Vulnerability ", "source": {"discovery": "USER"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Mountain America Credit Union (MACU) "}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pure Storage", "modules": ["SafeMode"], "product": "FlashArray Purity", "versions": [{"status": "affected", "version": "6.1.0", "versionType": "custom", "lessThanOrEqual": "6.1.22"}, {"status": "affected", "version": "6.2.0", "versionType": "custom", "lessThanOrEqual": "6.2.15"}, {"status": "affected", "version": "6.3.0", "versionType": "custom", "lessThanOrEqual": "6.3.6"}, {"status": "affected", "version": "6.4.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later</span><br>", "base64": false}]}], "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. </span><br>", "base64": false}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2023-10-02T23:02:31.591Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28373", "state": "PUBLISHED", "dateUpdated": "2024-09-23T13:43:23.214Z", "dateReserved": "2023-03-15T04:06:47.635Z", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "datePublished": "2023-10-02T23:02:31.591Z", "assignerShortName": "PureStorage"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F59FAA6-8982-4800-A1C4-10F22D48EC8A", "versionEndIncluding": "6.1.22", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FFCC8E3-F18E-4013-AE72-7C2FBB9AAA73", "versionEndIncluding": "6.2.15", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C2DB4EF-77FB-43E8-B87B-D1B8173BB6EB", "versionEndIncluding": "6.3.6", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B9E8C5D-640F-42DB-8842-5D381EF9FF35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n"}, {"lang": "es", "value": "Existe una falla en FlashArray Purity por la cual un administrador de matriz, al configurar un administrador de claves externo, puede afectar la disponibilidad de los datos en el sistema, incluidas las instant\u00e1neas protegidas por SafeMode."}], "id": "CVE-2023-28373", "lastModified": "2024-11-21T07:54:56.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "psirt@purestorage.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-03T00:15:09.913", "references": [{"source": "psirt@purestorage.com", "tags": ["Vendor Advisory"], "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}