CVE-2023-32572 - OpenCVE

A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Purestorage	Purity\/\/fa

Configuration 1 [-]

OR	cpe:2.3:a:purestorage:purity\/\/fa::::::::
	cpe:2.3:a:purestorage:purity\/\/fa::::::::

No data.

References

Link	Providers
https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572

History

No history.

MITRE

Status: PUBLISHED

Assigner: PureStorage

Published: 2023-10-02T23:09:04.606Z

Updated: 2024-08-02T15:18:37.636Z

Reserved: 2023-05-10T05:04:37.537Z

Link: CVE-2023-32572

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-10-03T00:15:09.990

Modified: 2023-10-05T15:38:20.757

Link: CVE-2023-32572

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32572", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2023-05-10T05:04:37.537Z", "datePublished": "2023-10-02T23:09:04.606Z", "dateUpdated": "2024-08-02T15:18:37.636Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["pgroup SafeMode"], "product": "FlashArray Purity", "vendor": "Pure Storage", "versions": [{"lessThanOrEqual": "6.3.7", "status": "affected", "version": "6.3.0", "versionType": "custom"}, {"lessThanOrEqual": "6.4.1", "status": "affected", "version": "6.4.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. </span><br>"}], "value": "A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. \n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2023-10-02T23:09:04.606Z"}, "references": [{"url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.3.8 and later, 6.4.3 and later. </span><br>"}], "value": "This issue is resolved in FlashArray Purity (OE) versions 6.3.8 and later, 6.4.3 and later.\u00a0\n"}], "source": {"discovery": "INTERNAL"}, "title": "FlashArray pgroup Retention Lock SafeMode Protection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:18:37.636Z"}, "title": "CVE Program Container", "references": [{"url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ADFB62F-89D0-47D3-B1AE-2F94E0CB836B", "versionEndIncluding": "6.3.7", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF891343-05A8-462B-A154-F62D61188B04", "versionEndIncluding": "6.4.1", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. \n"}, {"lang": "es", "value": "Existe una falla en FlashArray Purity en la que, en circunstancias limitadas, un administrador de matriz puede alterar el bloqueo de retenci\u00f3n de un pgroup y deshabilitar la protecci\u00f3n SafeMode de pgroup."}], "id": "CVE-2023-32572", "lastModified": "2023-10-05T15:38:20.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "psirt@purestorage.com", "type": "Secondary"}]}, "published": "2023-10-03T00:15:09.990", "references": [{"source": "psirt@purestorage.com", "tags": ["Vendor Advisory"], "url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}