CVE-2023-36628 - Vulnerability Details - OpenCVE

Description

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Published: 2023-10-02

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Pure Storage

FlashArray Purity

unaffected

Version	Status	Constraints
`6.1.*`	affected	—
`6.2.*`	affected	—
`6.3.0`	affected	≤ 6.3.11
`6.4.0`	affected	≤ 6.4.5

Configuration 1 [-]

OR	cpe:2.3:a:purestorage:purity\/\/fa::::::::
	cpe:2.3:a:purestorage:purity\/\/fa::::::::

No data.

No data available yet.

Remediation

Vendor Solution

This issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-40572	A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628

History

Mon, 23 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Purestorage Purity\/\/fa

MITRE

Status: PUBLISHED

Assigner: PureStorage

Published: 2023-10-02T23:15:28.716Z

Updated: 2024-09-23T13:35:46.180Z

Reserved: 2023-06-25T15:05:39.900Z

Link: CVE-2023-36628

Vulnrichment

Updated: 2024-08-02T16:52:54.069Z

NVD

Status : Modified

Published: 2023-10-03T00:15:10.057

Modified: 2024-11-21T08:10:06.790

Link: CVE-2023-36628

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36628", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2023-06-25T15:05:39.900Z", "datePublished": "2023-10-02T23:15:28.716Z", "dateUpdated": "2024-09-23T13:35:46.180Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["VMware vSphere VASA Service"], "product": "FlashArray Purity", "vendor": "Pure Storage", "versions": [{"status": "affected", "version": "6.1.*"}, {"status": "affected", "version": "6.2.*"}, {"lessThanOrEqual": "6.3.11", "status": "affected", "version": "6.3.0", "versionType": "custom"}, {"lessThanOrEqual": "6.4.5", "status": "affected", "version": "6.4.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.</span><br>"}], "value": "A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2023-10-02T23:15:28.716Z"}, "references": [{"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later. </span><br>"}], "value": "This issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later.\u00a0\n"}], "source": {"discovery": "INTERNAL"}, "title": "Privilege Escalation in VASA", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.069Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T13:35:38.192072Z", "id": "CVE-2023-36628", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T13:35:46.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.069Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36628", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T13:35:38.192072Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T13:35:30.814Z"}}], "cna": {"title": "Privilege Escalation in VASA", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pure Storage", "modules": ["VMware vSphere VASA Service"], "product": "FlashArray Purity", "versions": [{"status": "affected", "version": "6.1.*"}, {"status": "affected", "version": "6.2.*"}, {"status": "affected", "version": "6.3.0", "versionType": "custom", "lessThanOrEqual": "6.3.11"}, {"status": "affected", "version": "6.4.0", "versionType": "custom", "lessThanOrEqual": "6.4.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later.\u00a0\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later. </span><br>", "base64": false}]}], "references": [{"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2023-10-02T23:15:28.716Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36628", "state": "PUBLISHED", "dateUpdated": "2024-09-23T13:35:46.180Z", "dateReserved": "2023-06-25T15:05:39.900Z", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "datePublished": "2023-10-02T23:15:28.716Z", "assignerShortName": "PureStorage"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "6881D7BE-6B12-41E7-887C-C6BD9ACEEDFA", "versionEndIncluding": "6.3.11", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE96D7F-D9ED-48B4-8E5B-CE5537C79C4A", "versionEndIncluding": "6.4.5", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.\n"}, {"lang": "es", "value": "Existe una falla en VASA que permite a los usuarios con acceso a un administrador de VMware vSphere/ESXi en un FlashArray obtener acceso al root a trav\u00e9s de una escalada de privilegios."}], "id": "CVE-2023-36628", "lastModified": "2024-11-21T08:10:06.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@purestorage.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-03T00:15:10.057", "references": [{"source": "psirt@purestorage.com", "tags": ["Vendor Advisory"], "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}